AI Biometric Authentication for Enterprise Security
Biometric authentication technology has been an important industry trend for years, especially in 2021 due to the latest AI innovations available on the market. According to IBM, 20% of breaches are caused by compromised credentials. Worse, it can take an average of 287 days to identify and respond to a data breach.
AI based security is increasing in usage and will be necessary to remain competitive in any industry. IBM reports that as of 2021, 25% of businesses have completed deployment of AI based security, while 40% are partially deployed. The remaining 35% have not begun this process, and if your business falls into this category you may be placing your clients at great risk for dangerous data breaches. Investing in AI-based security can save a business up to $3.81 million in 2021.
Being able to use artificial intelligence to identify and automatically respond to data breaches is incredibly important for protecting the data and privacy of a company and its customers. AI biometrics authentication provides yet another safeguard against a data breach that is essential for businesses of any scale. Not only that, but IBM’s study shows that correct use of AI security platforms will cost businesses less. It is extremely important to understand and consult experts in the field to develop the solution that is best for your business.
With more advanced biometric authentication, verification, and identification technology at our disposal in 2021 than ever before, we can make industry systems more secure while maintaining efficiency and accessibility. Let’s talk about how biometric authentication works and the most important new trends such as artificial intelligence biometrics.
Biometrics Technology Overview
At first glance, biometrics may appear to simply be a way of accessing a cell phone more quickly while retaining security, but there are many more applications than this. However, at its core, the objective of biometric security technology is to improve security using parts of our bodies that cannot be easily replicated. Although machine learning and quantum computing may be able to guess a password, biometric information like fingerprints, faces, and irises are not so easily determined or emulated.
According to Statista, the biometric technology market will value at $55.42 billion before 2027.
Over the range of 10 years from 2017 to 2027, worldwide spending in the identity verification market is forecasted to grow by more than 13 billion U.S. dollars, increasing from 4.93 billion in 2017 to over $18 billion in 2027. Identity verification is an important aspect of information security, as it ensures that only the people with legitimate authority to access information are able to do so, thereby preventing harmful or malicious intrusion to protected information.
Types of Biometrics
Biometrics technology can be split into three domains: identification, verification, and authentication. Identification is used when the system wants to know who the user is. Verification is about using that biometric information to determine if any other information is associated with the user. Finally, the goal of authentication is to understand if the identity the user claims to be is correct and authorized to access the services and data they are requesting.
An example of biometric identification may be used to determine the identity of a user against a database of faces. Law enforcement facial recognition databases use this technology to a great degree and can help investigate security camera evidence footage with better accuracy than a human. Verification is helpful for ensuring that the user and the information stored in the database about them match. Authentication is perhaps the most critical of the three, enabling authorized users to access sensitive information while restricting unauthorized persons.
The table below shows the various characteristics of each type of biometric technology.
One of the most important takeaways for any business considering biometric security methods is that it is not always wise to rely on only one form of biometric technology, i.e. unimodal. Instead, a multimodal approach that uses more than one type of biometrics is much more secure.
Facial Recognition Technology
The facial recognition market was estimated at $3.8 billion in 2020. The market is projected to grow, reaching 8.5 billion U.S. dollars by 2025.
Biometric authentication technology that uses facial recognition has been a valued feature for security for years, making its way onto millions of iPhone and Android smartphones. With advances in augmented reality and machine learning aiding computer recognition of human faces, facial recognition technology has become more advanced than ever before in 2021.
One of the reasons why facial recognition technology has improved for identification and authorization this year is because of the necessities of the pandemic. Due to increased usage of face coverings like masks, facial recognition has become less accessible. However, many facial recognition solutions now can account for obstacles like face coverings. This is not only good for consumer convenience, but also helpful for law enforcement identification of criminals. By matching the face of the subject with a database, users can be identified even if they are wearing a mask.
Since 3D cameras can get much more information about a human face than a two dimensional camera would, facial recognition is much more secure than before as a biometric authentication technology. Previously, it was much easier for computers to be fooled by a picture of someone’s face or a similar looking face. However, machine learning has helped narrow the margin of error to prevent hackers from exploiting facial recognition-based security and various anti-spoofing methods now exist.
Voice Recognition Technology
The global voice recognition market size was forecasted to grow from $10.7 billion in 2020 to $27.16 billion by 2026.
Hands-free communication has been enriched greatly by voice recognition biometrics technology. However, voice recognition has another purpose: identification. Smart home device ecosystems like Google Home, when trained, can identify members of a household based on their voice. This is very helpful for displaying information pertinent to that individual such as their calendar and notifications.
Voice recognition has other applications in authentication and verification. Being able to identify someone and verify their access based on their voice can save a lot of time, but we are getting to the point where voices may not be as secure as other biometric methods. Deep learning has made it possible to realistically mimic a voice using a computer, a technique called vocal synthesis. ‘Deep fake’ voices have been used in successful fraudulent activity that in one case cost an energy firm in the United Kingdom $250,000 in 2019.
As deep learning technology improves, the more realistic vocal synthesis will become. Unless technology improves to better recognize legitimate vs fake voices, voice recognition biometrics technology is better suited for non-security applications, particularly identification. This may be for consumer based systems like smart homes, or enterprise solutions such as automatic transcriptions of meeting recordings that can attribute speakers by name.
Iris Scanning Technology
This form of biometrics technology is one often seen in science fiction. It is similar to facial recognition in that it is contactless, but focuses only on one particular feature, the eye. One advantage is that there is less complexity to account for. Advanced facial recognition systems are not needed, only something that can recognize the features of the iris. You don’t necessarily have to be close to an eye to scan the iris. At 40 feet away, tests at Carnegie Mellon University can scan an iris.
One advantage of this technology is that because it uses infrared sensors to analyze the iris, scanning the eye can be done in low light conditions.
Law enforcement applications of this technology for identification of suspects is definitely one of the first things that may come to mind. However, this can also be a great authentication and verification method for both consumer and enterprise applications. Samsung’s Galaxy S9 and Note 9 smartphones both have iris scanning technology, demonstrating that this biometric method can be used on portable devices. This can be useful not only for consumers but also enterprise-level device security.
When comparing against a single authorized user, an iris scanner can authenticate a user nearly instantaneously. When identifying or verifying a user against a large database of hundreds of thousands of subjects, less than 20 seconds is sufficient to authenticate.
Fingerprints Authentication Technology
Fingerprints have been in use for thousands of years for identification. They have particularly been useful in forensics technology, but recently they have become extremely useful for consumer and enterprise security solutions. In 2003, the Fujitsu F505i pioneered the very first cell phone with a fingerprint sensor. It would later be popularized with Touch ID on Apple iPhones and various scanners on Android phones.
Fingerprint authentication technology works just like any other biometric method. By comparing the grooves and valleys of an individual’s finger against a standard subject or a database of subjects, they can be identified, verified, and/or authenticated. This can be done very quickly by the user without disrupting their experience.
However, one downside to fingerprint scanning is that it most often is not contactless. The user has to press their finger against the sensor in order for it to register. In some circumstances this may not be desirable due to health concerns, especially with the global spread of the SARS-CoV-2 virus. However, it is possible to scan a fingerprint or entire hand via contactless methods. The LG G8 ThinQ smartphone uses a time of flight (ToF) sensor and infrared camera to detect the blood vessels in the hand of the user all without requiring the user to press their hand against a surface.
Another downside to fingerprinting is that it can be inaccessible for some groups of people with disabilities. Because of this limitation, it may be wise to invest in multiple forms of biometric authentication to maintain accessibility.
How AI Can Improve Biometric Authentication Systems
When it comes to security, improving accuracy and efficiency of biometric authentication systems cannot always be done with human programming. Artificial intelligence and machine learning can help us make our systems more secure and efficient.
Biometric technologies can be split into two domains, physical and behavioral.
Physical Biometric Technology
Physical biometrics include everything that we have already discussed in this article. These are objective characteristics of a person like their face or fingerprints, DNA, and more. This must be converted into data that can be analyzed by the AI system and compared against a database for authentication purposes.
One of the cases where AI and ML prove most helpful is with facial recognition. Used extensively with augmented reality solutions, AI can help make facial recognition by computers much easier by analyzing facial features and matching them with a database.
Behavioral Biometric Technology
One of the most interesting trends that artificial intelligence makes possible is behavioral biometric technology. This uses unique behavioral characteristics of how they interact with the world, things that the user may not even realize about themselves. This is one of the most effective lines of defense against deep fake fraud attempts. Some of the more popular ways to measure behavioral biometrics are:
- Mouse activity
- Keystroke movement
- Touch screen press size, area, and pressure
- Mobile device motion
The Biometrics and Data Pattern Analytics Lab from the Autonomous University of Madrid developed BeCAPTCHA, a system for bot detection that uses behavioral biometrics. It’s entirely possible that behavioral biometrics can be used without the user’s knowledge, eliminating the need for annoying tests of the user’s humanity as CAPTCHA challenges have done for years. In the next few years, users may never have to click on pictures of crosswalks and stop lights to prove they are ‘not a robot’ again while browsing the Internet.
Importantly, behavioral biometrics can assist in ensuring security throughout an entire session. For example, if a user authenticates themselves and then leaves the room, unwittingly enabling an unauthorized user to gain access to their computer, this would be a serious security risk. However, behavioral biometrics can detect the inconsistent behavior of the second user and restrict their access dynamically.
How Multimodal Biometric Authentication Solutions Work
Every form of biometrics technology has pros and cons. They each are also not universally effective. To improve accuracy and effectiveness of biometric authentication technology, it’s important to layer security with multimodal biometric recognition solutions. We can see this in action in the following diagram:
* Neural networks on mobile applications can be challenging to develop and implement. Neural networks can be integrated into applications using TensorFlow Lite, however there are various limitations. Training your neural network models with the TensorFlow library can help. You will need to thoughtfully design the architecture of the application beforehand and put those requirements into consideration.
** If a native application is not possible, this process can be offloaded to the cloud to process the data like Rest API. However, this will incur additional networking resources and require an Internet connection.
There is an Nvidia Docker that can simplify the deployment of the system, while a service provider (such as AWS) can provide an uninterrupted communication channel, computing power for neural networks, and a convenient interface for scaling your system.
Test #1: Facial Recognition
The user creates a photo-imprint that’s stored on the device using a camera. This biometric imprint is converted and normalized using the OpenCV library.
The face is identified using a photo, and each of the 64 landmarks detected by OpenCV are highlighted. A biometric verification landmark includes things like a distance from the bridge of the nose to the eye and other facial features.
These landmarks and a cutout image of the face are transferred to a deep neural network, which is trained using the TensorFlow library.
An eDNA feature vector is formed after neural network processing is completed. The feature vector collects the biometric characteristics of a particular person. The length of the vector is usually 2048 bits. The lengths depend on the DNN architecture.
During verification, eDNA is issued and compared with the anchor record that was formed earlier. Reverse engineering is impossible because there is no access to the vector. The biometric system will periodically update this anchor record to match an individual’s changing looks.
Test #2: Voice Verification
The user provides a voice sample through a microphone that gets processed by the Librosa library. The library reads the audio, transforms and converts it, and then transmits biometrics to the neural network (DNN).
An eDNA feature vector (2048 bits) is formed, which takes into account such biometrics as timbre, intonation, tempo, pitch, and other characteristics that the neural network was trained to respond to.
Case Study: AI-based Biometric Authentication Solution
By combining a microservice-based architecture, WebRTC, and machine learning powered biometric recognition, we developed a single sign-on (SSO) biometric authentication solution for a US-based firm. Utilizing voice and facial recognition, we developed an enterprise verification as-a-service (EVaas) solution that uses the technologies and trends discussed earlier.
This product proved that biometric authentication systems can be highly customizable and easy to use, powering a very simple user interface from behind the scenes. In addition, this example was able to integrate with existing systems via API.
Biometric Authentication Solutions Development
Securing systems is not a matter to take lightly. When sensitive information is on the line like protected health information or institutional data is on the line, it is extremely important to take the measures necessary to prevent data breaches. Failure to maintain a high level of security surrounding this information can result in fraud that can cost businesses tens or even hundreds of millions.
Biometric authentication and verification technologies, especially those powered by artificial intelligence are not easy and often require experts in the field to properly integrate them with existing systems. If you are considering your options for implementing new security features into your system for your business or for your clients, we encourage you to reach out to our ML team to have a conversation about your needs.