Protecting Critical Infrastructure Through Biometric Authentication

The Importance of Access Control

In the ever-changing world of global data communications, inexpensive Internet connections, and fast-paced software development, security is becoming more and more of an issue.

Hence it has become more vital to protect the critical infrastructure and provide security for the smooth functioning of the computing solutions from the attackers.

One of the ways of protecting is by providing access control to the existing infrastructure. This can be achieved by providing authentication schemes such as secure login with the help of username and password, pass phrase, smart cards, PIN numbers, biometrics, etc., A biometric system is essentially a pattern recognition system that makes use of biometric traits to recognize individuals.

 The objective is to establish an identity based on ?who you are or what you produce ‘, rather than by ?what you possess‘or ?what you know‘.

The significance of using biometrics has been reinforced by the need for large scale identity management systems. The very purpose of identity management is to accurately determine an individual ‘s identity in the context of several different applications.

This new technique not only provides enhanced security but also avoids, in authentication the need to remember several passwords and maintain multiple authentication tokens.

This report contains an analysis of the legal issues with regard to the application of biometrics in Europe. After an introduction chapter (I.), follows a chapter on biometrics, the legal framework and human rights law (II.) and a chapter on biometrics and data protection (III.). The outcome of both chapters is more or less complex. Human rights law and data protection law establish a legal framework for the assessment of the legal implications of biometrics, but the framework is incomplete.

More fundamental issues seem to escape from it and the (European) legislator is very much left unguided. Chapter IV. ('European human rights and data protection, reconsidered') takes up the task to provide for guidance. Starting point are the deeper intuitions that have brought the European Constitutional framers to distinguish between privacy and data protection as two separate legislative tools to respond to new technological challenges, such as those created by the use of biometrics.

In line with the example of Directive 97/66/EC concerning the processing of personal data and the protection of privacy in the telecommunications sector (replaced by the privacy and electronic communications Directive 2002/58/EC in 31 October 2003), the recommendation is made to supplement the existing legal framework with a double-faced legal instrument that, taking into account all relevant factors, blocks certain undesirable uses of biometrics and adds more constraints to the uses of biometrics considered desirable. Issues such as a possible right to property of biometrical data and security are not dealt with in separate chapters but are addressed in the chapters on human rights and biometrics. Questions with regard to evidence law and criminal investigation are the object of our last chapter (V.). This chapter is followed by a general conclusion.

Ethical Issue:

Can Consider Risk Zone 6: Data Control & Monetization as:

-              Will the user have the right to access the data and be able to modify/delete/update the data?

-              Does the organization have users consent to sell or share the data with others?

-              Where is the users biometrics data stored? Is it within the user’s handset?

-              How securely is this data stored? Is the storage vulnerable to cyber-attacks?

Risk Zone 7: Implicit Trust & User Understanding:

-              Is the organization selling the data of the user?

Legal issue

Issue: The virtual interface is expanding across the global to the human through biometrics Justification: Foster public awareness and understanding of computing, related technologies, and their consequences.

For example, few biometrics has the capability to authorize the access only in the presence of user operation. There are some systems which are used in the homes, automobiles which might cause harm to the households in their absence if the scanners are compromised.

Implementing new technology should not place the users in stake, this can be done only by creating awareness amongst the customers by explaining the challenges faced following the technology execution.