Biometrics in Cyber Security

Abstract

For the last three decades, cyber-security has been a race to protect the privacy of internet users while keeping cyber criminals at bay. The development of biometrics was an instrumental step in safeguarding electronic commerce. Nevertheless, hackers can still access confidential information and gain an authorized access. Despite these improvements, fraud in the cyber space has been on an upward trajectory. Cyber- security experts argue that the use of brainwave signatures for authentication will ensure security for online users. Brainwave authentication will overcome the challenges faced by biometric authentication and give systems an opportunity to revoke access when the psychological profile of the user does not match the records stored in the system.

Introduction

Cyber-security is an arms race between cyber-security experts and cyber criminals. Cyber-security experts in governments and private corporations are in a race to develop new technologies that keep cybercriminals away from private data of users. Cyber-criminals on the other hand are in a race to develop ways of by-passing passwords and security measures. The architecture of the internet in the early 1990s only required a password for a user to access the system. Password crackers were soon developed and hackers could easily crack the password (Dsouza, 2019). The next move in the cyber-security domain was secondary authentication where the user will be provided with a code to a mobile phone number to access the user interface. The secondary authentication introduced in addition to successful login. Soon thereafter, hackers developed mechanisms of hijacking secondary authentication.

The next phase in cyber-security was the use of biometrics in authentication. This has proved to be very effective in securing access to devices and secured locations (Gupta, 2018). However, just like the two previous attempts biometric authentication, creates loopholes that can easily be exploited by hackers. Hackers can easily access the bio-data and get unauthorized access. There is a need for cyber-security officials to end the arms race and offer security to corporations and their customers. The introduction of brainwave technology in the brainwave authentication provides a unique electroencephalogram signature that is unique to the user (Yang , 2018). Although the technology is years from full scale commercial application, it provides a chance to end the arms race in the cyber-security and provide security in the cyber space.

Over View of Different Biometrics in Cyber Security

The internet has paved way for people in different regions of the world to interact without meeting face to face. It has also paved way for businesses to serve customers over the internet without a physical presence. The ease in interactions between business and customers had led to the growth of electronic commerce. It has also led to the rise of cybercrimes which are difficult to prosecute because they are cross-jurisdictional in nature (Genovese & Enreque, 2017). In an attempt to combat cybercrime, businesses have invested heavily in biometrics technology to prevent hackers from accessing the personal information of customers. Apple has made advances in this sector to ensure that customers can access their devices through fingerprint authentication or facial recognition. The financial services sector in the United States and around the globe has spent billions of dollars to develop biometric technologies and as such prevent the monumental losses occasioned by cybercrimes (Dsouza, 2019).

The leading technologies in this sector are facial recognition, finger print identification, iris identification, retina identification, and voice recognition and hand geometry. Retina identification involves the analysis of the capillary vessels located in the human eye. It controls secure access to sensitive locations such as bank vaults, military bases and other installations. Voice recognition involves the analysis of the tone, the depth the cadence and the frequency of a person’s voice (Gupta, 2018). Voice recognition has been employed in mobile phones, personal computers and personal vehicles. These characteristics are unique to every person and they are instrumental in deterring an unauthorized access. Finger print identification is the most commonly used biometric information in cyber security. It is commonly used in accessing mobile phones and allowing access to buildings. The rise of biometric in cyber security can be attributed to defects in standard authentication methods.

The recent Yahoo hack where passwords and personal information of over a billion people were exposed has led for a push for biometric authentication methods in cyber security. Following the Yahoo hack, email service providers are arguing their users to employ a variety of different methods in accessing their personal information (Genovese & Enreque, 2017). Zoho email now requires customers to use finger print identification to enable access. Finger print technology requires both hardware and software components which are not present in the majority of the computers that are in use. Companies are exploring other modes of biometric authentication such as brain wave which is in early stages of development and has not been rolled out to the public in massive scale such as voice recognition or finger print verification.

Elaborate on Use of Brain Wave in Cyber Security

The human brain is an electro-chemical organ that produces electrical pattern during its neurological functions. The human brain consists of billions of neural networks that produce electric voltage when in operation. The electrical activity of the brain is displayed as a brain waves. When the human brain is engaged in brain activity, it displays beta waves, beta waves are of low amplitude and are the fastest. These signs are produced when the brain is actively engaged. The brain produces alpha waves when it is not aroused (Gupta, 2018). Alpha waves are produced when the mind is resting. When a person is day dreaming, the brain produces theta waves. The brain produces delta waves when it is undisturbed and the person is going through deep sleep without dreaming (Dsouza, 2019). An analysis of the beta, theta and alpha waves produced by a person creates an emotional profile which is unique to a person.

The unique neural framework of a person can be detected through wearing an electroencephalogram to measure the brain activity of the user. Instead of requesting for a password, the system displays a series of questions on the screen to determine the psychological profile of the user. The questions will be different from time to time. Each question will generate a very unique electroencephalogram signature for the user (Dsouza, 2019). The brain wave activity will also determine whether the person is too drunk to function and as such lock out the user. The system will also determine how the user responds to external stimuli. This data will be collected as the user is introduced into the system. The unique electroencephalogram signature created by the stimuli can easily be for authentication across multiple devices (Dsouza, 2019).

The use of brainwave as a password on a commercial scale is a decade or two away. This is because the unique technology will change the architecture of the internet. Changes in cyber-security are preceded by innovations in areas such as voice recognition and finger-print identification (Yang , 2018). These new technologies are then built into devices before it is rolled out into the public. This novel technology will have to be built into computer devices before they can be used. For a user to use brainwave as a method of identification, he or she will require a computer fitted with sensory identification equipment (Dsouza, 2019). When the user goes online, the software will compare the brainwave signature from the last point of action and the one registering when one logs in. The information will be compared to the one stored in the system.

If a user wants to change the password, he or she will only need to change the questions that are to be asked for authentication. Changing the password will be easy because the brain signature will remain the same despite the change (Genovese & Enreque, 2017). The system will be able to verify that the person who caused the change in verification is the same one who is using the device. In addition to the technological changes required to support using brainwave as a password, the user will also be fitted with a small sensory device that will identify the unique brainwave. The technology at the moment requires a user to wear a helmet fitted with close to 32 sensors to capture the brainwave. However, some companies are making monumental progress in reducing the size of the sensor so that it can easily fit inside a hat. Using brainwave for personal authentication will be a departure from the standard authentication methods because it will establish an emotional blueprint (Genovese & Enreque, 2017). The emotional blue print generated by an electroencephalogram scan will then be used to access bank accounts, credit cards and other financial data.

Why is brain wave better than other biometrics? How to overcome the issue discussed?

Standard modes of identification only enable to user to access the system. But recent hacks have demonstrated that someone can easily access the system through impersonation. Once access has been granted, there is no way for the cyber security software to determine whether the person who is accessing the device is really the one. The greatest weakness of cyber-security is that once access has been granted it cannot be revoked unless the user logs out (Genovese & Enreque, 2017). Based on the activity of the user in the system, there is a need for the system to continue with the verification procedures to ensure that the activity that is carried out by the user is unique to the user. Brainwave authentication allows the system to identify the unique neural patterns and ensure that the person who has been granted access is the person who is supposed to access the system. Authentication systems are blind to the activity of the user and with behavioral mapping of users it will be easy for companies to keep track of the user activity and request for re-authentication (Mogos, 2020). This can be done through keeping a confidence matrix based on the neural activity of the user. When the confidence score falls below a particular level, access will be revoked.

Brainwave activity has been described as the most accurate in identifying a user in the cyber-security sector. Brainwaves are not vulnerable similar levels of manipulation such as password authentication and finger print authentication (Mogos, 2020). Since brainwaves from an individual cannot be copied or replicated, you need the registered user to operate the system. The current research into brainwave authentication will focus on moving cyber-security from personal data such as birthday, names or place of residence. The change will focus on behavioral traits such as alcoholism, mental health and other behavioral patterns (Yang , 2018). In addition, the brain produces unique electrical pattern which will be used to supplement the behavioral traits of the user.

The principal aim of the use of brainwaves in cyber technology is to ensure that if a cybercriminal is unable to by-pass access by simply acquiring the personal information of the user. This objective can only be achieved through reducing the personal access error rates (Gupta, 2018). While traditional biometric authentication systems have the highest authentication error rates, biometric identification has the lowest and in some companies, the error rate is at 10%. Traditional biometric authentication methods have an error rate of 80%.

The traditional biometric technologies come with potential data and privacy breaches. This is because sensitive information, even though it’s encrypted, it is stored as data sets. Once the criminal gains access to the confidential information, they use it to gain access to the system and in some instances, lock out the victim. The use of brainwave in authentication and cyber-security does away with the leakage of private information. It makes massive hacks such as the Yahoo hack or Sony hack of 2014 unappealing because it is extremely difficult to replicate a person’s brainwave activity. In addition, the technology for replacing the brainwave of a particular person will be very expensive for lone wolf operators (Mogos, 2020). Hacking is illegal in almost all the jurisdictions and the people engaged in hacking aim to incur the least expense, hacking would be an expense running into billions of dollars and as such unappealing to both state and non-state actors. Using brainwave activity as a method of authentication limits the personal information that can be exposed in the case of a hack, the technology aims at establishing psychological profiles and behavioral patterns (Gupta, 2018). For a hack to happen, the hacker has to determine the psychological profile of the user and then go look for an individual with a similar psychological profile and convince this person to participate in the hack.

Consequences of Biometric Information Theft

Although the brain wave and other biometric technologies are still in their formative years, the risk of information theft possess a great risk to the financial systems and personal identification systems. Airports, banks, secure government facilities use bio data to identify and eliminate security threats. Some airports in Dubai, Europe and United States use bio-data to identify who is coming into and out of these regions. The use of bio-data has prevented terrorists from travelling using airlines. The theft of bio-data could mean that terrorists could use this information and then impersonate someone who is not in the terrorist watch list (Yang , 2018). Theft of bio data could lead to identity fraud. The fraudsters would them assume the identity of the victim and take unsurmountable loans and incur liabilities. Credit card fraud and identify theft are already an insurmountable challenge to credit card companies. With the theft of bio-data, the victims will face difficulties in explaining that they were not involved in the fraud (Yang , 2018).

While safety systems are advanced to ensure that hackers and fraudsters do not bypass the security checks online and offline, the bad actors are developing malicious software to catch up with the emerging cyber security technologies. The theft of bio-data could have enormous implications to national security. Terrorists could easily steal the bio- information of the people who are in charge of the weapons systems and launch a missile towards a hostile nation (Gupta, 2018). If the loss of life caused by this attack is massive, this might trigger an international conflict. Theft of bio-data could be detrimental to energy and infrastrastructure projects. Hackers have attempted in the past, to shut down energy projects, or traffic mayhem using passwords. With the bio data of the key personnel it would be impossible to get administrative control of various infrastructure projects.

The theft of bio-data could have a detrimental impact on the criminal justice system around the world. Conviction of offenders in the criminal justice system is based on the identification of the offender either through eye witnesses or forensic investigations (Gupta, 2018). Forensic examination requires the collection of the bio-data of the offender from the crime scene. If hackers were able to access a directory that contains the bio-data of all the United States citizens, this data could be planted in crime scenes causing innocent people to serve jail terms. If these incidences happen in a massive scale, it can cause the citizens to lose faith in the criminal justice system.

Conclusion

In conclusion, cyber criminals and hackers are usually in an arms race to by-pass the verification systems employed in the cyber space. The goal is to access personal information and deploy the same for financial gain. The private information collected by hackers is either used for identity fraud or sold in the black market for financial gain. Initially passwords were stored as data that could be easily accessed. These measures proved deficient and there was need to develop other biometric- identification mechanisms to safeguard information. While biometric verification in cyber-security is widely used, there are gaps that still allow for unauthorized access. A hacker can easily access the bio- information of a user and impersonate him or her with devastating consequences. The deficiencies in biometric verification in cyber-security has led to research into the use of brain waves for authentication. Brainwaves are unique to an individual and they develop a unique emotional profile that cannot easily be replicated. Systems using brainwaves for user authentication will compare the user’s electroencephalogram signature with the signature generated during the last log. Using brainwave as a means of authentication in cyber security will be hacker-proof because the system can easily revoke access when the brainwave does not match during the user’s activity.

References

1. Dsouza, J. (2019). Security in Cyber-Physical Systems. Amity International Conference on Artificial Intelligence , 840-844.
2. Genovese, A., & Enreque, M. (2017). Advanced Biometric Technologies: Emerging Scenarios and Research Trends. From Database to Cyber Security, 324-352.
3. Gupta, H. (2018). Role of Multiple Encryptions in Biometric Devices. Cyber Security, 291-300.
4. Mogos, G. (2020). Biometrics in Cyber Defense. MATEC Web of Conferences , 2003.
5. Yang , W. (2018). A fingerprint and finger-vein based cancelable multi-biometric system. Pattern Recognition, 242-252.