Physical Security and Biometrics - Other Types of Security - Computer Security Basics, 2nd Edition (2011)

Part IV. Other Types of Security

Chapter 9. Physical Security and Biometrics

Physical security protects your physical computer and networking facilities—your building, your server room, your computers, your backup media, and increasingly, your people. Biometric devices (devices that sample a physical or behavioral trait—for example, a fingerprint—and compare it with the traits on file to determine whether you are who you claim to be) provide an important first defense against break-ins.

Sound physical security is the basis on which a security policy and its resulting activities must rest. The best computer security activities can easily be negated by careless physical security. The importance of good physical security can be illustrated by referring once again to the two security mnemonics: CIA and IRA. The first refers to the following:

Confidentiality

That which is secret should stay that way.

Integrity

That which is received should be identical to what was sent; what is retrieved should be identical to what was stored.

Accessibility

What is stored should be easy to retrieve; what you need or where you wish to go should always be available to you.

The stepping stones to these are in the IRA:

Identification

Being able to prove you are who you say you are.

Reliability

All systems function as they should on demand, even in a crisis.

Authentication

Making sure users can access only those areas for which they are authorized.

To show how these relate to physical security, consider the following story.

In December 2002, social security numbers and other personal information for a half million military personnel, family members, and retirees were stolen by heisting the system’s backup devices. The theft occurred on a Saturday and was detected the following Monday. Medical insurance claims data for active military personnel in the western portion of the United States were involved, and the matter was treated seriously, including posting of a reward, providing periodic updates of the case on a web site, and providing information to those affected about what to do if they suspected their stolen information had been misused. From backups (early news reports stated that the stolen drives were in fact “expensive backup devices”), the facility quickly determined which records were compromised and notified those affected with details of the stolen information, including copies of forms they may have filled out, so that the victims could see what data was at risk. No cases of identity theft or other crime have been attributed to this theft and the facility has since increased both electronic and physical security, and in fact has been awarded a contract for a considerably increased service area.

Upon further investigation, it became clear that the IT processes in place at this organization were reasonable. However, with a break-in on a Saturday being reported on Monday, there may have been a breakdown in physical security. It is clear that problems with physical security can undermine the best of intentions with electronic security.

Physical Security

In the early days of computing, computers—and the information they processed—were protected in the most fundamental way: they were locked up, with entry limited to a few authorized operators and users. Today, a few servers may remain behind bars, but personal computers are widely distributed, taking the place of terminals and having access to nearly all the information that once was locked away in secured areas. Using wireless access points, it is not even necessary to make a physical connection to the network to get a clear shot at almost any resource. Easy electronic access has logically led to an increased emphasis on electronic security.

However, despite advances in computer security and communications security, physical security remains a vitally important component of your total security plan. Physical security measures are tangible defenses that can protect your facility, equipment, and information from theft, tampering, careless misuse, and natural disasters. In some ways, physical security is the easiest and the most rewarding type of security. It’s very visible and reassuring. It’s a tangible signal to employees and visitors that you take security seriously. Building, server room, and telecommunications room locks provide an important outer, physical perimeter of security, within which electronic measures and other types of security provide finer-grained protection of information.

Natural Disasters

The discussion of information security risks throughout this book has focused on man-made disasters such as sabotage, hacking, and human error. But don’t forget that computers and networks are affected by the same kinds of dangers that imperil all of your organization’s equipment—fire, flood, lightning, earthquakes, and other natural disasters.

In fact, many natural threats are actually more of an issue for computers than for other types of equipment because computers and associated equipment are particularly sensitive to temperature changes, moisture, power loss, and surges in electricity. And while computers are easily replaceable, the information they contain may not be.

The suggestions provided in the following sections are very brief and basic ones. If you’re in a high-risk area for any of these hazards, consider the importance of planning for redundancy, disaster recovery, and business continuance, as discussed in Chapter 5.

Fire and smoke

§ Install smoke detectors near your equipment—and check them periodically.

§ Keep fire extinguishers in and near your server rooms, telecommunications rooms, and work areas, and be sure that everyone knows they are there.

§ Make sure that fire extinguishers are inspected regularly and are of the correct type and rating (ABCD code).

§ Enforce no-smoking laws and policies; these are also important to controlling smoke, another hazard to computers.

§ Ensure that specialized gas systems for fire control, such as Halon and carbon dioxide, are operable, cannot be accidentally or carelessly discharged, and are in compliance with environmental laws.

§ Depending on local codes, it may be a good idea to have the air conditioning system interface with the fire alarm system, so the AC can be shut down if a fire in another part of the building threatens to inject smoke into the server room via the AC ductwork.

Climate

§ Keep all rooms containing computers at reasonable temperatures (approximately 50-80 degrees Fahrenheit or 10-26 degrees Celsius).

§ Keep telecommunications rooms and server rooms decidedly cool; if you need a sweater while working in them, that’s about right.

§ Keep the humidity level at 20-80 percent.

§ Install gauges and alarms that warn you if the temperature or humidity is getting out of range.

§ Equip your heating and cooling systems with air filters to protect against dust (another peril to computers and especially to older tapes and disk packs, and to certain optical media).

Earthquakes and vibration

§ Keep computers and telecommunications equipment away from glass windows and high surfaces, particularly if you’re in a high-risk area.

§ Rack-mount equipment where possible, remembering to secure the floor plates. Use the ANSI/TIA/EIA-569-A standard on telecommunications pathways and spaces, with local seismic variations as your guide.

§ Be sure that if strong vibration occurs (because of earthquakes, construction, or other sources), objects won’t easily fall on your computers and network equipment.

Water

§ There are various types of water damage. Flooding can result from rain or ice buildup outside, toilet or sink overflow inside, or the water from sprinklers used to fight a fire. Air conditioners and other cooling units may create water due to condensation. This is usually held in trays, but these can rust out or overflow. Be sure you’ve protected against all types of moisture.

§ If your computer does get wet, let it dry thoroughly before you attempt to turn it on again.

§ Install a water sensor where appropriate. Simple ones are available for the price of a smoke alarm.

§ Remember that the presence of water increases the likelihood of electrical shock. Use greater caution in the case of flooding emergencies in equipment areas.

Electricity

§ Your computer will suffer if it gets too much or too little electricity.

§ For best results, install an uninterruptible power supply. It will absorb surges and provide extra voltage during brownouts, and if power fails completely, it will provide power until you’re able to shut down the system. An unprotected power loss can result in serious damage. Note that surge protection won’t work unless your electrical system is well-grounded.

§ Install a line filter on your computer’s power supply; a voltage spike caused by lightning or a power fault can destroy your computer.

§ Verify that the protective grounding system is adequate. This may require an electrician or grounding specialist. Local applicable standards, such as ANSI standard 942 and J-STD 607-A, should be your guide, along with the local electrical code.

§ If you can, install a special electrical circuit with a clearly labeled circuit breaker for each of your systems.

§ Install antistatic carpeting in your facility. This carpeting contains special filaments that dissipate static electricity.

§ Have a telecommunications specialist and an electrician verify the effectiveness of your equipment or signal grounding system. In most cases, the signal ground must be electrically bonded to the electrical or protective grounding system.

Lightning

§ If a lightning storm hits, try to turn off your computer and unplug it. Lightning generates an enormous power surge that can damage your computer even if you have a surge protector on your computer.

§ If you use magnetic media as a backup, protect it from the magnetic field created if lightning strikes your building. Store the media as far away as possible from the building’s steel supports. Even metal shelving may pose a hazard.

Risk Analysis and Disaster Planning

One of the most important things you can do to protect your organization from disaster is to plan for that disaster. Risk assessment and disaster planning are vital security activities, and they’re rarely performed, except by the most informed organizations. For a description of what these activities are all about, see the section "Planning for Disaster" in Chapter 5.

Locks and Keys: Old and New

The first line of defense against intruders is to keep them out—out of your building, out of your server room, out of your telecommunications closets. In the past this was easier. The locked or guarded computer room has historically been the primary means of protecting an organization’s computer equipment and information from physical intrusion and unrestricted access. The terminals that were on desktops were very thin clients, “dumb terminals” in fact, capable of manipulating data only in the mainframe. In most organizations these days, everyone has a workstation, from which information can be removed easily on a USB memory stick or floppy disk, for instance. Printers, from which documents can be collected, are distributed around the office. Locking up is harder in this kind of environment, but it still is a good idea. Kick the janitor out of the telecommunications closet and spill the cleaning supply storage shelves into the hallway. Boot the network administrators out of the server room and put on a combination lock. Gather up the backup tapes and the old hard drives and installation CDs for operating systems and office applications, and store them in a locked metal cabinet.

To gain access to a locked facility, a user should have to pass an authentication test. Remember from Chapter 3 that there are three classic ways in which you identify yourself (i.e., prove that you are who you say you are):

§ What you know—for example, a password.

§ What you have—for example, a key, a token, a badge, or a smart card.

§ What you are—for example, the fingerprint on your finger (which matches the one on file).

All of these authentication techniques can be used for physical security (e.g., building or computer room access) as well as for system access control. When a smart card or a fingerprint is used for computer access, it’s usually only a first step. Passwords are typically required as well. When two distinct techniques are used for authentication in this way, it’s called two-factor authentication. One factor is something you have; for example, you present your smart card or have your fingerprint or voiceprint scanned. The other factor is something you know; for example, you type a personal identification number (PIN) or a password into the system. Multifactor identification systems promote a “defense in depth” environment.

HINTS FOR KEEPING INTRUDERS OUT

Don’t forget that the front door isn’t the only way into your facility. Be careful about:

Dropped ceilings

Be sure the walls extend above the dropped ceiling so intruders can’t climb over the walls.

Raised floors

Be sure the walls extend down beyond the raised floor so intruders can’t crawl under the raised floor.

Air ducts

Be sure the air ducts are small enough so intruders can’t crawl through them.

Glass walls

They’re too easy to break, and breakage will cause a lot of damage. People can also look through them and potentially get access to sensitive information that way.

Photographs

Follow the lead of several national monuments and take a digital photograph. Sneaks don’t like to be documented. Perhaps you can use the photo on a “guest ID” badge so it can’t be pocketed and reused by someone else.

Network connections

Intruders can’t sneak in over communications lines (it just seems that way), but they can cause a lot of damage by unplugging or cutting cables. Physical access to cabling also opens up the possibility of wiretapping. Current standards require that wiring pathways and spaces be kept locked.

Some organizations add another dimension of security to a locked facility by using surveillance devices, such as closed-circuit television and more sophisticated access detectors that use infrared, ultrasonic, laser, or audio technologies. Advanced digital video recorders can record multiple cameras and cause an alarm when images change, such as people appearing in certain hallways or going through certain doors.

Highly secure facilities can install elaborate turnstiles called mantraps (see Figure 9-1). Systems of this kind route personnel through a double-doored facility in which you show a badge to a guard or are subjected to verification techniques, such as weight checks (to ensure against your entering the facility with an unauthorized buddy), key checks, and biometric checks, such as those described later. If you fail to pass the tests, you are trapped between the double doors, unable to enter or exit the facility until a security officer investigates the incident!

Figure 9-1. A mantrap

Types of Locks

In addition to locking up buildings and computer rooms, you can also secure your computer, your network, your disk drives, and your disks.

Here are two lock examples:

Equipment locks

The simplest way to keep someone from walking out with your PC, router, switch, or other network device is simply to bolt it down. Computers, workstations, and cables may also be equipped with locks that can be unlocked only by special keys, electronic tokens, or smart cards.

Cryptographic locks

Some ultra-secure products are equipped with electronic devices known as smart keys. These keys are used to load initial cryptographic key information (usually supplied by a government agency) into the product. They typically have tamper-detection circuits, which erase the secure key storage if the circuit is broken.

Tokens

A token is an object that you carry to authenticate your identity.

In ancient times, a trusted courier might have carried the king’s ring to a foreign kingdom to prove that he could speak for the king. Modern tokens are electronic devices, usually containing encoded information about the user who’s authorized to carry it. Typically, a token is used in conjunction with another type of authentication, in a two-factor authentication system. For example, with certain types of PC security packages, you must insert an electronic, key-shaped token during login and authentication. After the system recognizes the token, it prompts you to type identifying information (e.g., ID and password) and compares your entry with the information encoded on the token. If the two match, you’ll be allowed access. If they don’t, you’ll usually be given a few more chances. After multiple failures, you’ll be locked out, and an alarm will sound. These tokens do not require user interaction; for this reason they are sometimes referred to as passive tokens.

Modern token systems are packaged as PCMCIA (PCCARD) or USB form factor devices that fit into your computer. Soft tokens, secure passwords that are unique to your computer, can also be installed.

In most cases, tokens are used as part of a VPN secure transmission path, which allows a portable computer to log onto a corporate network from out of the office or on the road, and implements encryption on the data that is transferred.

Challenge-Response Systems

Some public key authentication products are more sophisticated versions of electronic tokens. These can be called active tokens. Challenge-response systems typically use a hand-held device containing an encryption program and a key. When you try to log in, the system challenges you with a random number. You type this number into the hand-held device, which encrypts it and displays the result. Now, you type that number into the system. The system compares the typed response with the result of its own encryption of the random number. If the two numbers match, you’re allowed access.

Versions of this kind of device include smart cards that display a code periodically. To log into a system or enter a secure facility, you identify yourself (by typing your PIN or password), and you also type the code that’s currently displayed on your smart card. The card is synchronized with network timing signals, so that a stolen sequence is valid for only a short time. Such systems offer a number of other special features. For example, the card can be designed to stop and erase its memory at the end of its programmed lifetime. If you attempt to open the card to replace batteries or change it in any way, the card is permanently disabled.
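The challenge-response login and the periodically changing card code described above, sketched as an added example that is not from the book or from any product. It assumes HMAC-SHA256 in place of the device's unspecified encryption program, a 60-second code lifetime, a constructed demo key, and hypothetical class names Token and Server.

```python
import hashlib
import hmac
import secrets
from typing import Optional

STEP_SECONDS = 60   # assumed lifetime of one displayed code
CODE_DIGITS = 6     # assumed length of the number the user types


def keyed_digits(key: bytes, message: bytes) -> str:
    """Keyed one-way function computed by both the token and the server.

    HMAC-SHA256 stands in for the device's unspecified encryption program.
    """
    digest = hmac.new(key, message, hashlib.sha256).digest()
    number = int.from_bytes(digest[:8], "big") % 10**CODE_DIGITS
    return f"{number:0{CODE_DIGITS}d}"


class Token:
    """Hand-held device: holds the key and only ever shows derived numbers."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: str) -> str:
        return keyed_digits(self._key, b"challenge:" + challenge.encode())

    def displayed_code(self, now: float) -> str:
        step = int(now // STEP_SECONDS)
        return keyed_digits(self._key, b"time:%d" % step)


class Server:
    def __init__(self):
        self._keys = {}        # user -> shared key
        self._pending = {}     # user -> outstanding challenge
        self._last_step = {}   # user -> last time step already accepted

    def enroll(self, user: str, key: Optional[bytes] = None) -> Token:
        key = key or secrets.token_bytes(32)
        self._keys[user] = key
        return Token(key)

    def challenge(self, user: str) -> str:
        value = f"{secrets.randbelow(10**8):08d}"   # unpredictable random number
        self._pending[user] = value
        return value

    def verify_response(self, user: str, response: str) -> bool:
        challenge = self._pending.pop(user, None)   # single use: a replay finds nothing
        key = self._keys.get(user)
        if challenge is None or key is None:
            return False
        expected = keyed_digits(key, b"challenge:" + challenge.encode())
        return hmac.compare_digest(expected.encode(), response.encode())

    def verify_code(self, user: str, code: str, now: float) -> bool:
        key = self._keys.get(user)
        if key is None:
            return False
        current = int(now // STEP_SECONDS)
        for step in (current - 1, current, current + 1):   # tolerate clock drift
            if step <= self._last_step.get(user, -1):
                continue                                    # code already used once
            expected = keyed_digits(key, b"time:%d" % step)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self._last_step[user] = step
                return True
        return False


def demo() -> dict:
    server = Server()
    token = server.enroll("alice", key=b"constructed-demo-key-not-a-secret")
    results = {}

    good = token.respond(server.challenge("alice"))
    results["correct_response"] = server.verify_response("alice", good)
    results["replayed_response"] = server.verify_response("alice", good)

    answer = token.respond(server.challenge("alice"))
    mistyped = ("1" if answer[0] == "0" else "0") + answer[1:]
    results["wrong_response"] = server.verify_response("alice", mistyped)

    t0 = 1_700_000_000.0                       # constructed timestamp
    code = token.displayed_code(t0)
    results["code_within_drift"] = server.verify_code("alice", code, t0 + 45)
    results["code_replayed"] = server.verify_code("alice", code, t0 + 50)
    results["code_stale"] = server.verify_code("alice", token.displayed_code(t0), t0 + 600)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:18} {outcome}")
```

The replayed response and the replayed code are both refused even though each was valid moments earlier, which is what limits the value of a number overheard or copied at login.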

Cards: Smart and Dumb

For many years, ID badges, often with photos, have served as credentials. You must present your license to the bank teller or supermarket clerk before you’re allowed to cash a check. You must flash your employee badge before the building guard allows you to enter the building. Authentication works by having someone visually match your face to your picture.

Automatic teller machine cards and certain types of credit cards use a more reliable type of matching that magnetically encodes identifying information on the card. For example, an ATM works by comparing the information on the card to the information you enter at the ATM—usually some combination of account number, PIN, and/or password—and allowing you to withdraw money only if the match is successful. Increasingly, more advanced types of cards are being used to control access to buildings, computer rooms, and computers themselves.

The typical access card is the size of a credit card. It usually contains an encoded identifying number, password, or other type of prerecorded information, often in encrypted form. Depending upon the sophistication of the system, the card may contain a large amount of additional information.

The newest types of access cards are called smart cards. Smart cards come in different sizes and shapes. Some look like credit cards, some look like memory sticks, and some are shaped like a watch fob. One popular version provides secure transmission information using state-of-the-art encryption algorithms, and fits on a standard key ring. A disadvantage to tokens is that they are small and easily misplaced, and they can be costly, from $25 to over $100. These cards contain microchips that consist of a processor, memory used to store programs and data, and some kind of user interface. Sensitive information, which typically includes the user’s PIN and/or password, is kept in a secret zone of the read-only memory. This zone is encoded during manufacturing, using cryptographic techniques, and is inaccessible even to the card’s owner.

The newest forms of smart cards are ultra-small modules that communicate via radio with sensors on the device or doorway to be protected. These usually contain not only the information required to access the protected area or device, but also personal information related to what you can or cannot do once you have entered or logged on. Advanced versions of these identifiers may contain health-related information, which can be used if you are found unconscious or disabled, or man-down sensors, which can alert personnel if you fall or come under duress.

TYPES OF ACCESS CARDS

Access cards are distinguished by the technologies used to encode information on them. The government publications Guideline on User Authentication Techniques for Computer Network Access Control (FIPS PUB 83) and Guideline For The Use Of Advanced Authentication Technology Alternatives (FIPS 190) described the following types of cards in 1980 and 1994, respectively. Although some of these methods have been supplanted by newer technologies, they’re all included here for historical interest:

Photo ID card

Contains a facial photograph that is checked visually by a person.

Optical-coded card

Contains a geometric array of tiny, photographically etched or laser-burned dots representing binary zeros and ones that typically encode the user’s identification number. The card is laminated with a protective layer that can’t be removed without destroying the data and invalidating the card.

Electric circuit card

Contains a printed circuit pattern. When inserted in a reader, the card selectively closes certain electrical circuits.

Magnetic card

Contains magnetic particles that encode the card’s permanent identification number. Data can be encoded on the card, but the identifying structure of the tape itself can’t be altered or copied.

Magnetic stripe card

Contains only a stripe of magnetic material, typically on one edge of the card. This technique is used by most commercial credit cards.

Metallic strip card

Contains rows of copper strips. The presence or absence of strips determines the code pattern.

Capacitance card

Contains an array of small conducting plates. The capacitance of the plates determines which are isolated and which are connected.

Passive electronic card

Contains electrically tuned circuits. The card is read using a radio frequency field, which decodes the tuned circuits to encode the unique card number.

Active electronic card

Contains electrical circuits. The card is read by an interrogation unit that examines the encoded information transmitted by the badge.

Memory and microprocessor tokens

These are fitted with both EPROM and EEPROM programmable nonvolatile memory technologies.

Radio-based card

Communicates between user and desktop computer via tiny radio frequency circuits embedded in the access card.

Unlike most of the other types of access cards that are typically used (like badges) simply to gain entry to a facility, smart cards are often used for authentication. When a user attempts to log in or enter a secure facility, the computer system may transmit information to the smart card, which performs a series of complex calculations on it and transmits the result back to the computer. If the transmitted result matches the expected result (which is possible only if you have an authentic smart card), you’re allowed to enter.

Many smart cards are built to work with card readers. You insert the card in the reader. The system displays a message, and you enter your personal identifier in response. If the identifier matches the one expected, you’re allowed access.

Biometrics

Every person has a set of unique physiological, behavioral, and morphological characteristics that can be examined and quantified. Biometrics is the use of these characteristics to provide positive personal identification. Fingerprints and signatures have been used for many years to prove an individual’s identity, but individuals can be identified in many other ways as well. Computerized biometric identification systems examine a particular trait and use that information to decide whether you have the right to enter a building, unlock a secured area, or access a system.

Biometric systems are available today that examine fingerprints, handprints, retina patterns, iris patterns, voice patterns, signatures, and keystroke patterns. Devices have also been proposed for such traits as body weight, footprints, signatures, lipprints, wrist vein patterns, brainwaves, skin oil characteristics, facial geometry, and weight/gait patterns.

Although the human body is intrinsically difficult to measure and quantify accurately, biometric devices are generally reliable (especially when sensible thresholds are established for determining, for example, how closely a signature needs to match to be called “identical”). For best results, use biometric devices in a two-factor authentication system, in conjunction with another authentication measure such as a password.

Of the devices currently on the market, only fingerprint, handprint, and retina pattern systems are properly classified as biometric systems, because they test actual physical characteristics. Voice, signature, and keystroke systems are more properly classified as behavioral systems, because they test patterns of physiology or behavior.

The typical biometric identification system obtains data from you—for example, a handprint, a retina pattern, an iris scan, or a voice pattern. It then converts that analog signal into a digital representation and compares that representation to the many “templates” stored in the system. These templates are obtained when you are originally enrolled in the system. For example, in a signature verification system, you’re required to sign your name several times to allow the system to sample traits and construct a template for later comparisons.

Biometrics have shown great promise, and in fact have a long history, but they are not yet extremely popular. Users have expressed reluctance to submit to such surveillance for all but the most crucial operations. False positives and false negatives (either allowing an unauthorized person in or preventing an authorized person from entering) remain a concern. Metrics involving the allowable ratio of false positives to negatives are part of the purchase process. Potential buyers seem to be mainly deterred by cost and by fears that unauthorized users will either impersonate authorized users or somehow bypass the devices altogether. Some recent experiments with gelatin hand and fingerprints, for instance, have indicated that biometrics alone is not adequate for personnel identification.
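How the matching threshold mentioned above trades false positives (an unauthorized person accepted) against false negatives (an authorized person rejected), as an added example that is not from the book. The match scores are constructed, and the 0-100 score scale and the function names are assumptions.

```python
# Constructed match scores on an assumed 0-100 scale; higher means the sample
# is closer to the enrolled template.
GENUINE_SCORES = [91, 88, 95, 79, 84, 97, 66, 90, 93, 73]    # the enrolled user
IMPOSTOR_SCORES = [12, 35, 41, 58, 22, 69, 30, 47, 81, 26]   # other people
THRESHOLDS = list(range(50, 100, 5))                          # 50, 55, ..., 95


def error_rates(genuine, impostor, threshold):
    """Return (false_accept_rate, false_reject_rate) when scores >= threshold pass."""
    false_accepts = sum(score >= threshold for score in impostor)
    false_rejects = sum(score < threshold for score in genuine)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor, thresholds):
    """One (threshold, FAR, FRR) row per candidate threshold, lowest first."""
    return [(t,) + error_rates(genuine, impostor, t) for t in sorted(thresholds)]


def equal_error_threshold(genuine, impostor, thresholds):
    """Threshold at which the two error rates are closest to each other."""
    rows = sweep(genuine, impostor, thresholds)
    return min(rows, key=lambda row: (abs(row[1] - row[2]), row[0]))[0]


def lowest_threshold_meeting(genuine, impostor, thresholds, max_far):
    """Least strict threshold whose false-accept rate stays within max_far.

    Choosing the lowest such threshold keeps false rejects as few as the
    false-accept limit allows. Returns None if no candidate meets the limit.
    """
    for threshold, far, frr in sweep(genuine, impostor, thresholds):
        if far <= max_far:
            return threshold, far, frr
    return None


def report(genuine, impostor, thresholds):
    lines = ["threshold  false-accept  false-reject"]
    for threshold, far, frr in sweep(genuine, impostor, thresholds):
        lines.append(f"{threshold:9d}  {far:12.0%}  {frr:12.0%}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS))
    print("equal error at", equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS))
    print("no false accepts at", lowest_threshold_meeting(
        GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS, max_far=0.0))
```

On this constructed data, refusing every impostor costs a 40 percent rejection rate for the legitimate user, which is the kind of trade-off the purchase metrics have to settle.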

This is not to say the technology does not have great promise. As biometric devices gain more of a foothold in the market, it’s expected that useful techniques will follow, which may make such systems desirable. One example is a program that keeps track of unsuccessful attempts to gain access and then stores the characteristics (e.g., fingerprints) of the unsuccessful intruder so that person can be tracked down at a later time.

Another feature sends a distress signal if the system determines that you (an authorized user) are being coerced into helping an unauthorized individual to gain access. To make this work, you need an agreed-upon signal. For example, with a fingerprint system, you could signal that you needed help by pressing the left index finger, not the expected right index finger, on the glass plate of the scanner. The intruder would be unlikely to notice this subtlety. The software could be programmed to allow entry, but to alert your organization’s security forces that you’d been forced to help an intruder gain entry.
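One way the duress signal and the record of failed attempts could fit into a door controller's decision logic (added example, not from the book or from any vendor). The minutiae sets, the overlap-based similarity measure, the 0.6 threshold and all names are constructed stand-ins for a real fingerprint matcher.

```python
from dataclasses import dataclass
from typing import Optional

MATCH_THRESHOLD = 0.6   # assumed: share of minutiae that must agree


def similarity(sample: frozenset, template: frozenset) -> float:
    """Overlap of two minutiae sets (intersection over union), 0.0 to 1.0."""
    union = sample | template
    return len(sample & template) / len(union) if union else 0.0


@dataclass(frozen=True)
class Enrollment:
    user: str
    normal: frozenset    # the finger the user normally presents
    duress: frozenset    # the agreed-upon "I am being coerced" finger


@dataclass(frozen=True)
class Decision:
    door_opens: bool
    user: Optional[str]
    silent_alarm: bool


class DoorController:
    def __init__(self, enrollments):
        self.enrollments = list(enrollments)
        self.security_alerts = []   # what the security desk sees
        self.failed_samples = []    # kept so failed attempts can be followed up

    def present(self, sample: frozenset) -> Decision:
        best_score, best_user, best_kind = 0.0, None, None
        for entry in self.enrollments:
            for kind, template in (("normal", entry.normal), ("duress", entry.duress)):
                score = similarity(sample, template)
                if score > best_score:
                    best_score, best_user, best_kind = score, entry.user, kind
        if best_score < MATCH_THRESHOLD:
            self.failed_samples.append(sample)
            return Decision(False, None, False)
        if best_kind == "duress":
            # The door behaves exactly as for a normal entry; only the desk is told.
            self.security_alerts.append(f"duress signal from {best_user}")
            return Decision(True, best_user, True)
        return Decision(True, best_user, False)


# Constructed minutiae as (x, y, angle) tuples.
RIGHT_INDEX = frozenset({(12, 40, 30), (25, 18, 90), (33, 52, 45),
                         (47, 9, 120), (51, 61, 60), (60, 27, 15)})
LEFT_INDEX = frozenset({(8, 55, 75), (19, 23, 150), (28, 44, 10),
                        (39, 12, 135), (45, 58, 100), (57, 31, 165)})
STRANGER = frozenset({(1, 1, 1), (2, 2, 2), (3, 3, 3),
                      (4, 4, 4), (6, 6, 6), (12, 40, 30)})


def noisy(template: frozenset, missed, spurious) -> frozenset:
    """Simulate a real scan: one minutia missed, one spurious one detected."""
    return frozenset((template - {missed}) | {spurious})


def demo():
    controller = DoorController([Enrollment("alice", RIGHT_INDEX, LEFT_INDEX)])
    decisions = {
        "normal": controller.present(noisy(RIGHT_INDEX, (60, 27, 15), (5, 5, 5))),
        "duress": controller.present(noisy(LEFT_INDEX, (57, 31, 165), (7, 7, 7))),
        "stranger": controller.present(STRANGER),
    }
    return controller, decisions


if __name__ == "__main__":
    controller, decisions = demo()
    for name, decision in decisions.items():
        print(f"{name:9} {decision}")
    print("alerts:", controller.security_alerts)
    print("failed samples stored:", len(controller.failed_samples))
```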

There are a lot of tradeoffs associated with biometric systems. Because such systems are new and because many people just don’t like being measured, there’s quite a bit of personal resistance to using them. Although most of these methods are quite effective from a technical point of view, they may prove completely ineffective if people reject them and if they’re seen as being intrusive, time-consuming, or even dangerous.

Some biometric methods are viewed as being quite threatening. Retina identification systems tend to be the most frightening; despite reassurances, people fear that the system will run amuck and blind them. That’s quite an obstacle to acceptance! Other systems, because they’re more familiar and less threatening, don’t meet with the same degree of resistance. Signature systems, for example, are well-accepted because people are accustomed to having their signatures verified during banking and credit card transactions.

Surveys indicate that biometric devices, in order of effectiveness, rank as follows (most secure to least secure):

§ Retina pattern

§ Fingerprint

§ Handprint

§ Voice pattern

§ Keystroke pattern

§ Signature

In order of social acceptance, the order is practically the opposite:

§ Keystroke pattern

§ Signature

§ Voice pattern

§ Handprint

§ Fingerprint

§ Retina pattern

Trade organizations for developers of biometric products are addressing technical issues associated with biometric devices and are also working on increasing public acceptance of these devices.

Retina Patterns

Everybody has a unique retinal vascular pattern. Unlike a fingerprint, the pattern of blood vessels in the retinal tissue can’t be recorded or even photographed with ordinary equipment. Retina pattern verification systems examine the unique characteristics of an individual’s retina and use that information to determine whether the individual should be allowed access.

A retina pattern verification system uses an infrared beam to scan your retina, measuring the intensity of light as it is reflected from different points and producing a digital profile of the blood vessel patterns in the retina. The system allows access only if your retina pattern sufficiently matches the retina pattern stored for you in the system. The newer systems also perform iris and pupil measurements. Hand-held devices are being developed for workstation access.

Retina systems are very reliable. Their ability to work properly is affected only by very serious injuries and a few rare diseases. They have been used successfully in national laboratories, office buildings, and prisons, but they are not well-accepted as access devices. Of all of the biometric systems, retina systems seem to be the most threatening because of the public’s fear that scanners will blind or otherwise injure them.

Iris Scans

Rather than examining the retina at the back of the eye, an iris scan looks at the colored part of the front of the eye. This is much easier to image, and can be very accurate for identification. Iris scans may provide a feasible biometric where retina scans still meet resistance.

Fingerprints

Everybody has a unique set of fingerprints. Fingerprint verification systems examine the unique characteristics of your fingerprints and use that information to determine whether or not you should be allowed access.

The use of fingerprints to identify people dates from the 1800s. In the past, manual methods were used to classify and cross-check fingerprints according to certain patterns of ridges and whorls—in particular, detailed features of the print called minutiae. A fingerprint may have up to 150 of these minutiae. In the late 1960s, the FBI automated its system for cross-checking fingerprints, and all fingerprint checking was converted to automated systems by 1983.

A fingerprint system works like this: you place one finger on a glass plate. Light flashes inside the machine, reflects off the fingerprint, and is captured by a scanner, which transmits the fingerprint information to the computer for analysis. The fingerprint system digitizes the ridges and other characteristics of the fingerprint and compares these characteristics against the fingerprint templates stored in the system (or, in more primitive systems, against a print on a card that you carry). The system allows access only if your fingerprint sufficiently matches the template.

The more sophisticated fingerprint verification systems also perform a three-dimensional analysis of the fingerprint including infrared mechanisms for ensuring that a pulse is present. This means that an intruder can’t gain entry by presenting a mold of an authorized user’s finger or, worse still, an authorized finger that’s no longer attached to its owner (a particularly grisly type of hacking!).

Because fingerprinting has historically been used as a law-enforcement tool, fingerprint systems are pretty well-accepted by potential users of such systems—particularly in criminal justice organizations, in the military, in high-security organizations such as defense plants, and, increasingly, in banks. They have several disadvantages. They are slower than certain other types of biometric systems. In addition, their ability to work properly depends on the condition of the fingers being presented. Burns or other physical problems can affect the system’s ability to match fingerprints, as can any substance (e.g., dust, perspiration, grease, glue) on fingers. And as mentioned, gelatin coatings can allow someone to “forge” a fingerprint, and then discard or eat the evidence once past the barrier.

Handprints

Everybody has unique handprints. Handprint or hand geometry verification systems examine the unique measurements of your hand and use that information to determine whether you should be allowed access.

With a handprint verification system, you place your hand on a reader, aligning all of your fingers along narrow grooves with glass between. A sensor beneath the plate scans the fingers, recording light intensity from an overhead light, and measuring fingers from tip to palm to within 1/10,000 of an inch. The information is digitized and compared against a handprint template stored for you in the system. The system allows access only if your handprint sufficiently matches the stored template.

The older handprint systems examined finger length and the thickness and curve of the webbing between fingers. The newer hand geometry systems examine a whole set of topographical characteristics, such as the depth of the skin creases in the palm.

Very few handprint systems are in use today, though the technology is pretty well-accepted because it’s not considered to be as intrusive as other types of biometric systems. Handprint systems are said to be less reliable than fingerprint systems. Like fingerprint systems, their ability to work properly depends on the physical condition of the hand. Injuries, swelling, or the presence of rings, or even nail polish, on your fingers may affect the system’s ability to match a handprint.

Voice Patterns

Everybody has a unique vocal and acoustic pattern. Voice verification systems examine the unique characteristics of your voice. Some systems also examine your own phonetic and linguistic patterns and use that information to determine whether you should be allowed access.

With a voice verification system, you speak a particular phrase. The system converts the acoustic strength of a speaker’s voice into component frequencies and analyzes how they’re distributed. The system compares your voice to a stored voiceprint. The voiceprint is a “voice signature” constructed by sampling, digitizing, and storing several repetitions of a particular phrase. The system allows access only if your voice signature sufficiently matches the stored voiceprint.

Voice systems are fairly well-accepted (they are viewed as being nonthreatening) in financial organizations such as banks (particularly vaults), credit card authorization centers, and certain types of ATMs. Their ability to work properly depends to some extent on the physical condition of the larynx. Respiratory diseases, injuries, stress, and background noises may affect the system’s ability to match a voiceprint.

Keystrokes

Everybody has a unique pattern or rhythm of typing. Keystroke verification systems examine the unique characteristics of your keystrokes (your own electronic signature) and use that information to determine whether you should be allowed access.

With a keystroke system, you must type until the system can construct a reliable template of your keyboard rhythm. Once a template is available, the system will be able to examine the speed and timing of your typing during the login process, and compare it to the keystroke template stored for you. The system will allow access only if your keystroke patterns sufficiently match the stored template.
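The enrolment and comparison steps just described can be sketched as follows. This is an added example, not code from the book or from any product: the feature choice (dwell and flight times), the scaled Manhattan distance, the 5 ms spread floor, the 2.0 threshold, and all timings are assumptions constructed for illustration.

```python
from statistics import mean

MIN_SPREAD_MS = 5.0   # assumed floor so a very steady feature cannot dominate
THRESHOLD = 2.0       # assumed cut-off; real systems tune it on trial data

def typed(keys, dwells, flights):
    """Build constructed (key, press_ms, release_ms) events for one attempt."""
    events, t = [], 0
    for i, key in enumerate(keys):
        events.append((key, t, t + dwells[i]))
        if i < len(flights):
            t += dwells[i] + flights[i]
    return events

def features(events):
    """Dwell time per key, then flight time between consecutive keys."""
    dwell = [release - press for _, press, release in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Template = per-feature (mean, mean absolute deviation) over repetitions."""
    template = []
    for column in zip(*(features(s) for s in samples)):
        centre = mean(column)
        spread = mean([abs(x - centre) for x in column])
        template.append((centre, max(spread, MIN_SPREAD_MS)))
    return template

def score(template, events):
    """Scaled Manhattan distance; lower means closer to the enrolled rhythm."""
    vector = features(events)
    if len(vector) != len(template):
        return float("inf")          # different phrase length: never a match
    return mean([abs(x - c) / s for x, (c, s) in zip(vector, template)])

def verify(template, events, threshold=THRESHOLD):
    return score(template, events) <= threshold

# Constructed timings (milliseconds) for the phrase "pass".
ENROLMENT = [
    typed("pass", [90, 110, 80, 85], [120, 60, 150]),
    typed("pass", [95, 105, 85, 80], [130, 55, 140]),
    typed("pass", [85, 115, 75, 90], [125, 65, 145]),
]
TEMPLATE = enroll(ENROLMENT)
GENUINE = typed("pass", [92, 108, 82, 84], [122, 62, 148])
OTHER_TYPIST = typed("pass", [60, 70, 140, 60], [200, 150, 60])

if __name__ == "__main__":
    for name, attempt in (("genuine", GENUINE), ("other typist", OTHER_TYPIST)):
        print(name, round(score(TEMPLATE, attempt), 2), verify(TEMPLATE, attempt))
```

Lowering the threshold rejects more impostors but also more legitimate users on an off day, which is the practical meaning of "sufficiently match" in every template-based system in this section.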

Because keystroke verification may be built into the ordinary login process and doesn’t require a separate verification cycle, it may eventually win wide acceptance.

Certain keystroke systems are passive systems that continuously sample your keystrokes. The goal is to determine whether, in fact, the person who logged onto your system under your account (presumably that would be you) remains in that position, or whether an intruder has somehow supplanted you to gain access. Because such systems can be used to perform surveillance of your work habits (What are you typing? At what rate?), they raise privacy issues.

Signature and Writing Patterns

Everybody has a unique signature and signature-writing pattern. Signature verification systems examine the unique characteristics of your signature, and the way in which you write your signature, and use that information to determine whether you should be allowed access.

With a signature verification system, you sign your name, using a biometric pen, typically attached by a cable to a workstation. The pen, or the pad on which you write, converts your signature into a set of electrical signals that store the dynamics of the signing process (e.g., changes in pressure as you press down lightly on one stroke and more forcefully on another). The system compares the signature to a signature template stored for you. It may also analyze various timing characteristics, such as pen-in-air movements, that are unique to you and that are much more difficult to forge than the actual static signature on a page. The system allows access only if your signature and related characteristics sufficiently match the stored template.

Signature systems are a very well-accepted type of biometric system because people are accustomed to having their signatures scrutinized. Such systems are also much cheaper than many of the other biometric systems described in this section.

Gentle Reminder

It does not so much matter which technology is used to authenticate users to access facilities and computers if the correct steps are not taken in other areas. For example, consider the situation where physical access to certain areas is typically denied, but after 5:00 p.m., janitors can roam freely.

Proper disposal of documents would be another classic example. As has been demonstrated from several embarrassing incidents, mere shredding is often not enough. Unless a cross-cut shredder is used, software can detect which pieces join together by noticing the perforations and patterns left by the shredder cutting wheels. Computer graphics allows researchers to manipulate the bits of paper with a mouse. Sophisticated algorithms can reassemble sentences, performing trial fits that archivists can use to detect how a torn page might be reassembled. And all of this assumes that the document was even shredded, not merely ripped or folded. Physical security must be augmented by coaching users to destroy sensitive documents (with a cross-cut shredder). And everybody must keep an eye out for dumpster divers.

Similarly, access systems that cannot easily be fooled can usually be evaded and talked around. Would it take more than acquiring a pair of coveralls in the color of an overnight delivery firm? Or wandering in with a telephone communications test set on the belt and holding a clipboard? Also, what good is it if every employee is given a background check, equipped with a fancy token and prohibited from entering certain areas, while transient employees and vendors wander freely with their pails, vacuums, and clipboards? To be effective, physical security must apply to all hands.

Summary

Physical security is based on keeping intruders out: out of the facility, out of the network and its wiring and wireless links, out of the computers, and out of the data stores. Much of physical security can be attained by common-sense precautions, similar to keeping the cash safe in a business. Other measures are more obscure, such as adhering to the standards in data cabling and facility construction, for example by providing adequate telecommunications pathways and spaces and properly securing telecommunications rooms.

An important part of physical security is making sure that the people who must enter a facility are actually who they say they are. Proper identification procedures can include requiring badges and card readers at critical points, or actually measuring some attribute of the person, such as physical weight, appearance, fingerprints, or retina patterns. This kind of biometric security is increasing in importance, and is appearing in more facilities all the time.