2.1 Research Question
What is the acceptance level of biometrics security system over the traditional ‘what the user knows’ based authentication system?
2.2 Literature Review
Security Engineering, A Guide to Building dependable distributed systems, by Ross Anderson: Basically we started our study with this book. And found it as a bible of not only Biometrics but also for many other security aspects. Our research supervisor Louise Yngstrom referred us the book as a good source of information.
Biometrics, Identity verification in a Networked world, by Samir Nanavati, Michael Thieme and Raj Nanavati: This book also helped us to make a good foundation of our knowledge about Biometrics. We searched and collected the book from KTH library.
An Introduction to Biometrics Recognition by Anil K. Jain, Arun Ross and Salil Prabhakar: We have found this paper from IEEE. We found it interesting because without just discussing about different Biometric methods they made a comparison among them from different perspective like Universality, Permanence, Performance and User Acceptability.
Perceived Acceptability of Biometric Security Systems by Frank Deane, Kate Barrelle, Ron Henderson and Doug Mahar: We found the paper by searching through Google. It was published by Elsevier Science Ltd. This paper was helpful in a sense that the authors basically tried to assess the acceptability of physiological and behavioral characteristics based biometric methods and we got knowledge about how to conduct a comparison between two systems.
Usability and Acceptability of Biometric Security Systems by Andrew S. Patrick: We found the book by searching through Google. It was published by the National Research Council (NRC) Canada. In this paper the author discussed about the challenge of designing a usable and acceptable biometric system. This paper helps us to know the potential of Biometrics over traditional password based authentication system.
2.3 Observation and Primary Hypothesis
From our literature reading we found that Biometric security system is getting a lot of attention because of its huge potential to increase the accuracy and reliability in the field of identification and authentication. A number of factors are working behind the increased usability of different biometric methods. The manufactures are manufacturing chips to use in biometric security devices which are smaller, cheaper and durable. The biometric devices are now designed with better ergonomic features. Its necessity is gradually being realized in the military applications als Not only that, Biometrics is going to be used in the Passport system in European Unio]. For the last couple of years the use of Biometrics in consumer products (e.g. Computer mouse, keyboard, and mobile phone) is noticeable. Besides a lot of research is going on to improve the Biometric Algorithms. Over all we found from our study that to make a seamless access control and authentication environment there is no alternative to Biometric
From our literature reading we also found that Biometrics is now considered more secure than the password based authentication system or even using smart card Biometrics is resolving the problems of passwords and PIN codes, which are considered as the most frequently used authentication technology. Biometrics security system introduces increased security, convenience and accountability compared to traditional password based authentication systems. When passwords have a threat to be guessed easily, Biometric data cannot be guessed in that way. Biometrics relaxes the users from memorizing a huge number of passwords and managing them. And as a result of these some big organizations have already moved to Biometrics system leaving the password based system behin These issues are discussed in more detail i
We also saw that a lot of research has been conducted about the assessment and evaluation of the performance of different biometric systems. But few pieces of research have been done on the acceptability of the systems even though they are being used by general people. So we became interested about the acceptability of the Biometrics security systems as compared to the most frequently used password based authentication systems. And from our readings we hypothesized that – as having more reliability and excellent features the Biometrics security system will be more acceptable to the general people than the traditional password based authentication system.
2.4 Testing the Hypothesis by real life survey
2.4.1 Subjects
In our survey total participants till date are 68. 87% are male. Most of the participants are in the age range of 26 to 30 years and that is 51% of the participants. 98% of the participants are computer savvy. 65% of the participants are students and 32% are jobholders. All the participants have at least minimum knowledge and/or experience about biometrics. And 99% use computers in their daily work.
2.4.2 Measures
Participants were given a questionnaire to complete. They were asked to provide their biographical data (e.g. age, sex) and level of computers usage. There was a question to assess their satisfaction level of using biometrics. A 5-Point-Likert-type scale was used to do that. There was a question to assess whether the presence of Biometrics have ever influenced them to buy a product or service. They were asked about their preference among different biometric authentication methods and traditional password based identification methods. There were also questions to assess which authentication method they think most secured.
2.4.3 Procedure
We conducted a field-based survey. Participants were met in groups and they were given a briefing about the research topic and purpose of the survey. All their confusions and questions were resolved on spot. They were informed that the survey is anonymous, voluntary and that they are not bound to answer all the questions. They were requested to provide unbiased opinion. They were asked to provide their email address if they want to know the result of the survey as well as the project and it was definitely kept optional.
3 Result
The objective of our research work was to assess the acceptability of different biometrics methods to general people. To find out the research answer we have conducted a survey. From the survey we have obtained some interesting findings which will be presented here.
There are many biometrics methods available now-a-days, among them we have chosen voice recognition, facial recognition, pointing, finger print, hand geometry and retina scan as because these are the most well known methods. Now Figure: 1 shows that 41% of the total participants think finger print is the most secured method than any other authentication methods. Retina scan has been supported by 26% of the total participants. Position of the password based authentication method is 3rd and only 23% people think it
is a secured method than the others.
Fig: 1. Authentication method that participants think most secured.
Again in figure: 2 we can see that 60% of the total participants think that ‘password’ would not be sufficient where they have used ‘biometrics’ for authentication. But 25% participants think that ‘there was no need of biometrics, password was sufficient’. 15% participants had no comments about it.
Fig2: Participants’ opinion whether password would be sufficient over existing biometrics system.
Password is frequently used to login to a system. But while the people have been asked whether they think biometrics would be more suitable than password, 69% of the participants gave positive response. Only 25% participants think that ‘biometrics would not be more suitable where they use password for authentication’. Figure 3 shows the opinion comparison graphically.
.
Fig3: Participants’ opinion whether biometrics would be more suitable than password based system.
Figure 4 shows an interesting thing. While the participants were asked about which authentication method they would like to prefer, surprisingly 59% of the participants said that they prefer traditional password based system. Here the closest competitor from biometrics side was fingerprint and 24% participants chose it.
Fig4: Shows the preferred way of login to a system by the participants.
From our study we hypothesised that the user acceptability of biometrics will be higher than the traditional password based authentication systems. Now, Figure 1 shows that biometrics technology such as fingerprint is considered more secure than password based system. Fig2 shows that users’ do not think password would be suitable or should replace the existing biometrics systems; also Figure 3 shows that people thinks biometrics authentication method would be more suitable where they use password. User response in Fig2 and Fig3 respectively makes it clear that they consider biometrics as a trusted system and password based method an insufficient and inefficient system. All these facts demonstrate the user’s trust and willingness to use biometrics authentication technology. But Figure 4 shows some variation in the user’s opinion, which says that for login to a system users still prefer traditional password based method, despite having their trust and willingness to use biometrics systems. This will be discussed at latter chapter.
4 Analysis of the results
In the endeavour to find which authentication method users consider secured, we found that they have chosen biometrics system more secured than the traditional password based authentication system. There are several reasons behind such choice. First of all, we noticed that most of the users don’t want to use long and complex passwords as they feel it too tedious to memorize such words, rather they use simple words those consist of their name, pets name or some dictionary words. These can be guess easily. Passwords can also be hacked. There is also a possibility to disclose the passwords by some form of social engineering. One interesting finding is that in password based systems it is very easy for the system administrators to know the passwords of the users in his system, so he/she can misuse the information, for example in case of after being fired from job. But in biometrics system, the possibilities of such incidents are almost absent. Here the user can authenticate him without having additional knowledge or gadget that can get abused, lost or guessed.
Within several biometric methods, 41% participants have considered Fingerprint method as most secured. One of the main reasons behind such high value of Fingerprint may be most of our participants have dealt with fingerprint than any other methods. They feel well protected with fingerprint authentication system and thus consider it as most secured system.
In the response to the questions whether users think password would be sufficient where they have used biometrics for authentication majority of the participants (60%) responded with negative support towards password based system. The noticeably high support for biometric may be because people feel more protected by using biometrics and they don’t consider password efficient to conduct their tasks, particularly in systems where users deal with sensitive data and do money transaction. This shows that beside security they also have found this system reliable to use.
An interesting thing came out from the survey that though users consider biometrics system more secure, reliable and wishes to have biometrics features in their personal devices; they prefer password based authentication system for login rather than biometrics authentication system. It might be because of the insult rate that biometric devices provide sometimes. The insult rate compels a user for several attempts for successful login. The adverse effects of biometrics makes user hesitant at frequent using of biometrics authentication system. For that reason users are still depended on password based system, despite the fact that they strongly believe that biometrics authentication system is more convenient, personalized and provides greater security. AuthenTec Inc. has conducted a survey on US consumers in 2008 and they have also found similar result.
5 Conclusions and discussion
5.1 Conclusions
From the analysis of our survey result we can conclude that, biometrics has acceptability among users in term of security. But biometrics authentication system has not gain popularity in day-to-day use in portable devices, because of behaviourally unfavourable response of biometric devices. We can thus conclude that users have interest on using biometrics authentication systems but due to lack of accuracy users still have not accepted it as their preferred authentication method.
5.2 Discussion
The use of Biometrics for person identification is definitely not a new buzz. The use of hand print and foot print is found in the history of 14th century chin. In his book ‘Life on the Mississippi’ Mark Twain mentioned thumbprints in 1883 [8]. History says London police started using finger print in 190. Besides the use of password for authentication is also an ancient method as the use is found in ancient roman military. But the first use password in computers is found in MIT’s Compatible Time-Sharing System (CTSS) in 196
The password system rapidly became popular due to its ease of use, flexibility, performance, distinctiveness and most of all it is not costly. But it has a lot of problems. So, people tried to find out an alternative method and then biometrics got the attention as it solves most of the problems of password based authentication systems. Biometrics got the attention in the IT industry. Giant IT companies and manufacturers started investing after it. And the result has been reflected by the development of the technology in Biometrics today. The manufacturers are now developing biometric products focusing the general people. As a result, finger print and face recognition method for login to laptop is in market since last couple of years. And mobile phone with finger print sensor is now not only seen in the Hollywood movie But after all of these there are some issues those are acting as obstacle to the rise of acceptability and popularity of these biometrics methods over traditional authentication methods.
From the result of our survey it is clear that the users can feel the essence of Biometrics and they think that it is necessary also it is more secured than the traditional password based authentication methods. But due to some problems they are avoiding or bypassing using Biometrics. We have found out some interesting issues like - despite having finger print recognition based login system he/she is using password prompt only because he is scared whether the finger print module get damaged due to frequent use. Some users think that using Biometrics for log in to his pc is a slow process. Some users are also scared to stand in front of retina scanner. Most of the users are avoiding facial recognition as it requires adequate light. And they do not want to disturb his/her root mates by switching the light on of his room while login to their laptop.
While talking about pros and cons of Biometrics in large and in small systems we can discuss from two different perspective – positive recognition and negative recognitio Biometrics can be used for user identification as well for user verification.
In case of positive recognition PIN code, Password, ID card etc are usually used for user verification. But all these methods have a lot of problems. For example, passwords are easy to use but it can be guessed easily. Though it is always suggested to use long password and change it frequently but as it suffers the users to memorize they try to use simple passwords. “A survey of 1,200 British office workers in year 2001 found that almost half chose their own name, the name of a pet, or that of a family member as a password It has also maintenance cost. “According to the Gartner Group, between 20% and 50% of all help desk calls are for password resets. Forrester Research states that the average help desk labour cost for a single password reset is about US $38 Besides, ID card or token can be stolen or shared and in these cases the system has no way to trace that whether this is a real user or not. Biometrics solves all these problems. It cannot be lost, shared or forgotten. It also solves the problem of false repudiation. In this case it is just needed to calculate whether the biometrics is cost effective then the existing user verification process.
In case of negative recognition, where a system want to identify an user or check for his background information Biometrics faces some problems, though “traditional personal recognition tools such as passwords and PINs are not at all useful for negative recognition applications Ross Anderson has discussed the problem of using biometrics in large systems. He considered two systems: banking system and issuing citizens with as ID card that includes machine readable fingerprint or iris scannin In banking system the main application of biometric would be to identify its clients while they are committing transactions or are accessing their account profile. Here the problem is ‘High Error Rate’. As a typical fingerprint scanner get wrong about 1% of the time. Now to reduce false alarm the amount of missed alarm will increase. It is called ‘fraud’. Again problems remain the same for issuing national ID card including biometrics features. Moreover it is involved with mass people, their cultural belief and religious constraints should also be kept in mind. Sometimes people also don’t want to use iris scanning about being scared of damaging their eyes. Another thing that is applicable for both the large systems is slow processing time. Here needs a large number of complex comparisons for person identification. So, the query time becomes much higher than that for password system that makes the whole system slow. An interesting comparison can be shown between the FMR (False Matching Rate) and FNMR (False Non Matching Rate) for a system in identification mode and in verification mode. To find out 100 people from a database (database size 100) FNMR and FMR rate for fingerprint system in verification mode is 01% and 0.001% respectively. But the rate of FNMR and FMR for the same system in identification mode is 1% and 100* 0.001%=0.1% respectively. So it shows that in identification mode the value of false matching rate increases noticeabl This is also a problem of using biometrics in large systems.
5.3 Suggestions for future Research
While conducting our research work we were confined mostly on students. We could not include the opinion from people who are working in corporate and in sensitive areas of an organization. So it might be interesting to see what they think about the acceptability of biometrics. Besides, we have conducted our survey in a developed country. So, it might also be interesting to see what people from under-developed and developing countries recon. It will also be interesting to see an acceptability comparison between the Unimodal and Multimodal biometrics system.
6 References
[1] Bishop, Matt., 2004. Introduction to computer security. Prentice Hall PTR.
[2] Anil K. Jain, Arun Ross, Salil Prabhakar. 2004. An Introduction to Biometric Recognition, [Online] IEEE. Available at: [Accessed at 02 December 2009].
[3] Samir Nanavati, Michael Thieme & Raj Nanavati, 2002, Biometrics Identity Verification in a Networked World, United States of America: John Wiley & Sons, Inc.
[4] Andrew S. Patrick, Usability and Acceptability of Biometric Security Systems. [Online] National Research Council. Available at: http://biometrics.cse.msu.edu/Publications/GeneralBiometrics/JainRossPrabhakar_BiometricIntro_CSVT04.pdf. Canada: Research Council (NRC). [Accessed at 01 December 2009]
[5] Silicon.com, 2005, Biometrics curing password headaches, [Online] (Updated 28 September 2005) Available at: , [28 November 2009]
[6] Spaf’s Home Page, Quotable Spaf, [Online] (Update 9 December 2009) Available at: , [Accessed 2 December 2009]
[7] The National Center for State Courts, 2002, AN OVERVIEW OF BIOMETRICS, [Online] Available at: [Accessed 28 November 2009]
[8] Ross Anderson. 2001. Security Engineering, A Guide to Building dependable distributed systems. Wiley.
[9] Liahren Biometrics-china, Learn about Biometrics, [Online] Available at: [Accessed 1 December 2009]
[10] PCMAG.COM. More Secure than Passwords, [Online] Available at: [Accessed 1 December 2009]
[11] PCWorld , 15 January 2009, Biometric passports agreed to in EU. [Online] Available at: [Accessed 2 December 2009].
[12] AuthenTec Inc. 2008.AuthenTec 2008 Consumer Biometrics Survey. [Online] Avaiable at: [Accessed 7 January 2010].
[13] Wikipedia the free encyclopedia, 2008. Password. [Online] (Updated 1 January 2010) Available at: [Accessed 6 January 2010].
[14] DCVIEWS.COM, 19 January 2009. Fujitsu ships waterproof cell phone with Fingerprint sensor. [Online] Avaiable at: [Accessed 7 January 2010].