Feeds

EU goes on biometric LSD trip

Consortium considers legal, standardisation and deployment issues

  • alert
  • submit to reddit

Protecting users from Firesheep and other Sidejacking attacks with SSL

In December 2004, the European Commission adopted the biometric passports directive, a regulation that mandates the use of biometric facial images within 18 months and fingerprints within three years for all passports issued.

Biometrics such as fingerprints have long been used as identifiers, albeit mainly for catching criminals. But it is only in recent years that computational devices have come into standard use for companies and individuals that the use of biometrics has become viable everyday applications.

However, investigations conducted in the US and Europe have concluded that there is much work to be done to improve biometric technologies so that their full potential can be reaped. Different types of biometrics have differing levels of accuracy, leaving room for much improvement, and user acceptance still needs further testing.

Notwithstanding this, governments worldwide are demanding that biometrics are used as unique identifiers, with the primary emphasis being on improving security for such things as access control, electronic payments and authenticating travellers. One such scheme that has been raising concern is the US-VISIT scheme unilaterally imposed on international travellers to the US. This requires the transfer of large amounts of personal information on travellers to the US, in contravention of Europe's data protection laws, as well as the provision of fingerprints and facial images when entering the US.

Schemes such as this are driving the EU to develop robust standards for technology and to ensure that they are actually useful in real-life applications. As part of this, BioSec was set up at the end of December 2003 to engender a European-wide approach to the development of biometric technologies for security applications. It comprises a multinational consortium of companies, universities, public institutions and governments from nine European countries, providing a solid base for piloting prototypes and applications.

With a remit covering a very wide area, BioSec's three main objectives are:

  • To enhance biometric technologies: including the refinement of user interfaces, sensors, devices and algorithms, and advancing the usability of biometric devices. Work is being done to improve storage systems, including personal, portable and centralised devices, to improve technology systems such as those that support transactions made over computer networks, and to enhance interoperability of devices and support for public key infrastructures.
  • To ensure that technologies meet the requirements of real-world scenarios: the work that BioSec is doing in this area includes evaluating usability and acceptability of biometric technologies through field tests, including scenarios for physical and remote access, as well as contributing to the definition and adoption of standards and interoperable solutions for biometric-based transactions.
  • To become the reference point for al European research into biometric technologies and to ensure that European experts are central to the development of international standards for biometrics to avoid the imposition of unworkable schemes.

The BioSec consortium was set up to conclude its work by end-2005. At the halfway point, the group has just help its second workshop at the European Commission in Brussels to present achievements to date and outline the challenges that are still to be faced. Progress has been good, with a number of workable prototypes developed and good results in field tests.

But a number of challenges remain in bringing biometrics into everyday use. BioSec has boiled these down into three main areas of concern, known to BioSec members as ‘LSD'. These stand for legal issues, such as concerns about privacy and data protection, standardisation issues, including technical interfaces and interchange formats, and deployment issues, divided into technological and social barriers to use.

Information about the work of BioSec can be found at www.biosec.org.

© IT-analysis.com

Related stories

Plugs to be pulled on EU biometric visa scheme?
EU biometric RFID scheme unworkable, says EU tech report
Europe kicks UK out of biometric passport club
Fingerprints to become compulsory for all EU passports
Everything you never wanted to know about the UK ID card

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.