Skip to content

Page243

Keyboard Dynamics

Keyboard dynamics refers to how hard a person presses each key and the rhythm by which the keys are pressed. Surprisingly, this type of access control is cheap to implement and can be effective. As people learn how to type and use a computer keyboard, they develop specific habits that are difficult to impersonate, although not impossible.

Dynamic Signature

Dynamic signatures measure the process by which someone signs his/her name. This process is similar to keyboard dynamics, except that this method measures the handwriting of the subjects while they sign their name. Measuring time, pressure, loops in the signature, and beginning and ending points all help to ensure the user is authentic.

Voiceprint

A voiceprint measures the subject’s tone of voice while stating a specific sentence or phrase. This type of access control is vulnerable to replay attacks (replaying a recorded voice), so other access controls must be implemented along with the voiceprint. One such control requires subjects to state random words, protecting against an attacker playing pre-recorded specific phrases. Another issue is people’s voices may substantially change due to illness, resulting in a false rejection.

Facial Scan

Facial scan technology has greatly improved over the last few years. Facial scanning (also called facial recognition) is the process of passively taking a picture of a subject’s face and comparing that picture to a list stored in a database. Although not frequently used for biometric authentication control due to the high cost, law enforcement and security agencies use facial recognition and scanning technologies for biometric identification to improve security of high-valued, publicly accessible targets.

Superbowl XXXV was the first major sporting event that used facial recognition technology to look for potential terrorists [8]. Cameras were placed at every entrance and each attendee’s face was scanned and compared to a list of active terrorist threats. The technology worked and, although no terrorists were identified, 19 petty criminals were identified. The companies that make the systems claim they are primarily a deterrent control.

Note:
Casinos have used the same facial recognition technology as the Superbowl example since the early 2000s. A casino’s biggest concern with regard to security is keeping the guests safe. However, a close second is ensuring that there are no cheaters stealing from the casino. Because cheaters have been known to wear elaborate disguises, more and more casinos are turning to facial recognition software. This software uses facial geometry to distinguish between faces. Because this geometry measures unique distances between facial features compared to the size of the face, no matter what the disguise, the software is likely to alert when it detects a known cheater stored within the database.

Someplace You Are

Someplace you are describes location-based access control using technologies such as the global positioning system (GPS), IP address-based geolocation, or the physical location for a point-of-sale purchase. These controls can deny access if the subject is in the incorrect location. Credit card companies employ this access control when monitoring a consumer’s activities for fraud. Many companies require that users notify them if they intend to travel abroad. If not, the credit card will most likely be declined for fear of unauthorized activity.