Biometrics is defined as the science of establishing the identity of an individual based on physical, chemical or behavioural attributes of the person. We see the deployment of Biometrics in many industries such as smart homes, automotive, banking, healthcare etc. According to Gartner, biometric sensors such as premise security entry consoles will total at least 500 million IoT connections in year 2018. Acuity Market Intelligence forecasts that within three years, biometrics will become a standard feature on smartphones as well as other mobile devices. IoT (Internet of Things) connects the Physical world to the virtual world – and in doing so – provides elements of Biometric Data. To discuss these issues, please join a new meetup group in London Behavioural Biometrics IoT and AI
While Physical Biometric techniques (like fingerprint recognition, IRIS scans etc) are well established, Behavioural biometrics systems are still emerging. According to the IBIA White paper, Behavioural biometrics provides a new generation of user security solutions that identify individuals based on the unique way they interact with computer devices like smartphones, tablets or mouse-screen-and-keyboard. By measuring everything from how the user holds the phone or how they swipe the screen, to which keyboard or gestural shortcuts they use, software algorithms build a unique user profile, which can then be used to confirm the user’s identity on subsequent interactions.
Currently, behavioral biometrics are deployed as an additional layer to enhance identity authentication and fraud detection systems but they provide a number of advantages over traditional biometric technologies.
- They can be collected non-obtrusively or even without the knowledge of the user
- They do not need any specialized hardware
- Behavioural biometrics are completely frictionless because users can be enrolled in the background during normal interactions – they do not slow, interrupt or interfere with the user experience.
- Because there are dozens and dozens of data points collected, and any combination of them can be used to identify a user, identification is accurate and precise and users cannot practicably be impersonated.
- Because authentication happens throughout the entire course of the transaction, behavioural biometrics provides powerful protection against insider threats and account takeover, as well as identity theft.
- Behavioural biometrics does not replace the password or other legacy forms of identity authentication, but it does reduce the burden placed on them to protect sensitive data.
Behavioural Biometrics techniques
In Behavioural biometrics: a survey and classification, Yampolskiy & Govindaraju provide a survey of behavioural biometric techniques. They classify Behavioural biometrics into five categories based on the type of information about the user being collected.
- Category one is made up of authorship based biometrics (ex examining a piece of text produced by a person).
- Category two consists of human computer interaction (HCI)-based biometrics ex the use of Keystroke biometrics.
- Category Three involves using events that can be obtained by monitoring user’s HCI behaviour indirectly via observable low-level actions of computer software(for example audit logs).
- Category four involves tracking of motor skills of the users in performing certain tasks. Finally,
- Category five involves purely behavioural biometrics. such as the way an individual walks.
The authors also present a generalized algorithm for implementing behavioural biometric with the following steps:
- Pick behaviour
- Break-up behaviour into component actions
- Determine frequencies of component actions for each user
- Combine results into a feature vector profile
- Apply similarity measure function to the stored template and current behaviour
- Experimentally determine a threshold value
- Verify or reject user based on the similarity score comparison to the threshold value.
Behavioural Biometrics – IoT and AI
So, with this background, what is the relationship between Behavioural biometrics, IoT and AI?
- Behavioral biometrics relies on increasingly ubiquitous, mobile and IoT devices to capture data points that will authenticate the user.
- Increasingly, IoT and Mobile devices provide continuous Authentication over the session.
- The individual pattern/profile is hard to spoof because it ties to your unique behaviour comprising of physiology and considering other factors like social, psychological and health factors.
- Rather than focusing on an activity’s outcome, behavioral biometrics focuses on how a user conducts the specified activity. This means, real time AI algorithms can be used to validate detect behaviour even as the activity progress (and is yet to complete). For example – keyboard metrics can detect behaviour as the transaction progresses without waiting for it to complete
- Finally, behavioral biometrics are agnostic of personally identifiable information or PII. I don’t need to know anything about you to be sure it’s you. I just need to ensure that you are the same person who logged in the last time. Hence, there is scope to create new algorithms which are PII protecting by using Behavioual biometrics .
To discuss these issues, please join a new meetup group in London Behavioural Biometrics IoT and AI
Ajit Jaokar conducts a course at Oxford University on Data Science for Internet of Things. He also is a Research Data Scientist working on Behavioural Biometrics