Theft-proof biometrics

At last, there is a biometric authentication technique that cannot be stolen. Or, well, it can, but at least it won't work any longer.

Drs. Philip M. Rodwell and Steven M. Furnell recently published "A non-intrusive biometric authentication mechanism utilising physiological characteristics of the human head" in Computers and Security (vol. 26, pp. 468-478). The technique, drawn from Dr. Rodwell's research, involves measuring the resonance of human speech as modulated by the geometry of the head it originates in. In other words, while pure voice recognition involves measuring things like cadence, volume, and pitch; and can be capture by high-definition audio recorders, this technique cannot be as easily captured. It requires measurements of the propagation effects inside the head to be taken at several points during speech. Consequently, if the head is separated from its owner, no further propagation would take place. Thus, the actual biometric authenticator is considerably harder to steal.

Of course, any authenticator can be captured and replayed. The measurements, in fact, are simply taken by two microphones. Simply placing two microphones in the required position and waiting for the victim to start blabbing may actually be enough. As the implementation is designed to be used in a mobile phone (indeed, Dr. Rodwell is sponsored by British mobile telephony provider Orange) such measurements cannot be terribly difficult to obtain. Presumably, the good doctor's have thought of ways to mitigate that attack as well.

Whatever you think of this technique, I am highly encouraged about the fact that people are thinking differently about security and trying to come up with novel concepts to help us be secure.

Read the complete post at http://msinfluentials.com/blogs/jesper/archive/2008/02/04/theft-proof-biometrics.aspx