Network Security via Gait Biometrics

Information is not free; more often than not there are paid efforts in order to obtain it -- whatever it is. When an organization is involved, be it a government agency, large or small enterprise, or private network, there are continuing efforts to protect this information, which is often viewed as data, residing on a server. Now, a lot of this material is confidential data, so this is no easy task. Enterprises in particular are beginning to note some fundamental flaws in their security management systems: the sign-in procedure may be emulated, the password compromised or lost and the key, card, token, or required-knowledge passed to another undetectably. Many current procedures are no longer considered effective for protecting sensitive information. In addition, the growing need to exchange information between employees, business partners and suppliers has increased the threat level; today there are many internal security breaches that arise: they may be private but they often become public as well. The proper identification of each individual who has business in a secured facility is a requirement for many a different task -- and if it's not, it should be. This includes the interface for intelligent networks, both overt and covert security, and controlling the access that an individual will have, whether physical or logical. The logical is our focus here.

Understanding the need for greater security
Organizations have a duty to exercise control over all their sensitive information; the more that people become aware of what can happen when their very own information is gone astray, the more that an enterprise may be held accountable for its security. They must have the ability to identify key business processes, the controls for these processes, and any vulnerability in the controls. This will include the monitoring and auditing of access and the changes to and copying of documents, especially those of a financial, confidential or trade secret nature -- who did what, where, how and when it was done, all of it should be traceable information -- that itself can be audited. There are more losses due to some insider, whether from sheer ignorance or simple greed, than any that occur during a breach incident caused by an outsider; most any local merchandiser can attest to this fact. And communications with customers, suppliers and partners should also exhibit a level of accountability, at least the equal of these internal controls. If the loss of capital or trust can be caused by mismanagement of information, then better controls are a necessary thing to have. Most any enterprise or agency should be open to a properly done proof-of-action scenario.

What could be linking a person's actions to their location is their biometric identity, as defined by the template, created and read by an algorithm. In the management of identity, if we look beyond what a person knows or what they carry with them, we will come to the taking of actual measurements from an individual; their physical, biological or behavioural characteristics. The product of this is a biometric capture, which is then used for enrollment purposes. A face, finger, hand, signature, iris, or voice, 'the usual suspects', are used to create unique electronic identifiers, and these are stored, retrieved and compared, so the individual is either verified, one-to-one where a claim to the ID has been made, or identified, one-to-many where a search of the database will bring forth acceptance or rejection by the system in use. Some of the systems present with more problems than others but each of them can be seen eliminating most threats if the right conditions prevail.

Why current biometric choices are a struggle to use
In practical terms there are real-world reasons why a biometric interface/device, the kind that will use sensors, may continue to see problems with acceptance in the marketplace. The static nature of the captured data, the attempt to standardize error rates, and ultimately, the negative human experience associated with most any of the current systems is quite worrisome. Of particular note is the loss of autonomy if an individual's unique biometric measures are misused; to many, even the consideration of such theft is of some concern. No one can replace, not realistically, their iris, fingerprint, face, voice, or signature -- once compromised, even if it is only 'borrowed' for a short time, the purpose for which it is used, the authentication or indentification of someone, can no longer be assumed with impunity.

Whether the use for a biometric is for the physical access points or the logical access points, until it can be changed-at-will, and even retreived, its capture will be seen as a "necessary evil", at best. Now the firms involved with biometrics are addressing these and other such problems, and there have been a few notable advancements. For instance, with a higher grade of sensor, where the flow of blood-in-a-finger might be picked up, the 'rubber finger trick' is stymied. Other examples can be given but the very nature of a biometric, noted with its singular capture, which is often touted as a unique proof of its tie to the individual, is a thing usually taken during their introduction and enrollment in the security system. An alternative biometric, of a type that might be readily, and voluntarily, given-up to an organization, is what we offer here.

The awareness of what a rogue employee, or outside hacker, can do is on the increase. Here, loss of IP (Intellectual Property), capital and private information is a very real concern, which is often affecting the ordinary citizen (there are regular news stories of stolen lists and lost PINs, banking and credit information and even real money, on account of some security failing). One reason for this is the state of auditing within a given network environment. With the current biometric methods -- like a fingerprint scanner connected with a server through a workstation -- there is no working-method for deploying an efficient means to track what each individual opens, changes, copies, searches, etc. When it comes to automating these operations, there is nothing at all, not even in sight. Essentially, this is a problem that affects how secure a network portal is, and by extension, how secure is every document it leads to. The biometrics of gait, as captured through the footware of a registered user, is aimed to leave an auditable-tag on every log-in and access, from server to file to document.

Strategically, security systems should be interoperable
Although the above points to areas of concern within the biometric industry, it is still an industry that is advancing at a most rapid pace, with new innovations introduced monthly. Where a given enterprise is putting-a-procedure-to-the-test, the forward looking biometric firms are working within the structure of their IT department, applying best practices to get the best results. Several of the firms are specialized in putting together the offerings from a select number of specialized firms, from a few door and lock companies to biometric and security concerns, with allowances made for the security systems that an enterprise may already have. A candidate for inclusion in this group will meet some tough challenges, where the capability of their systems to work with the other choice systems is noted. They also need to show a wide range of research and practical proofs.

The type of biometrics that can come from shoes is, obviously, behavioural, in that it is the gait of an individual that is bringing forth their Identity. But there is some degree of the physical as well, in the methods we've chosen, due to how an individual's feet will operate in the 'soft machine' that is a pair of footware (which we cannot go into because they are proprietary). What we can note here is that pertinent characteristics in someone's given stride are so unique and plentiful, that enough of them are available, at all times, to identify them. When such a capability is part of a service, the side by side comparison between technologies will find nothing duplicated. Where the usual biometric is captured with a sensor device, a card reader or another material thing, the interface for a walking-biometric is in a minimum of three places: in the individual's footware, in cell that they will carry and in the security-software that the cell reaches-out-to with a number of information packets. Plainly there is room for interoperability but, upon deployment, the system we are promoting will be working quite independent of any other biometric tool. (A note: due to the intimate relationship, if the individual is separated from his tools, they cannot be used to ID the person).

How New Information Improves Security
The product that is derived from footware is a breakdown of the particulars of how an individual goes through their paces. Their stride, in other words, is picked-up at a most minute level, and when these particulars are viewed on screen, or recorded for later review, they are recognized as characteristics of their unique gait. Now when some of these characteristics are used to define and create a template, it can be reused to identity someone in a security check. It is reasonable to use someone's gait for both physical and logical access because of the shear uniqueness in a given stride, as it will be portrayed on the screen of an individual's handheld. There is no longer a need for a video camera to pick up the-tells from their gait; this has been replaced with the shoe components belonging to, and in constant touch with, the persistently identifiable person. This is certainly a breakthrough for gait analysis, but it should first be used in security applications. Introduced here is a system with three major innovations for IT security:

• The persistent data creates a possibility for a system that acquires an individual's ID without the physical kiosk, gate or door interactions that the other biometric systems are demanding. This new system will not only allow for entry checks, where hardware is installed, but throughout the physical or logical segments of a plant and network there might be developed a multitude of digital-doorways, all set-up for identification purposes, encompassing portals, servers, networks, documents, financial records and more -- wherever accountability and auditing are held to be necessary. The new method for gait analysis works with the users handheld to allow for distance between it and a secured portal. Within a certain range -- which may be measured in mere yards between the handheld and a secured door, or any-range at all if the security-packets are sent through IP or telephony contacts -- the user of registered footware can be checked into a system and then through it, in a physical or logical sense, with almost the whole of it placed on automatic.
• Due to the use of a gait biometric, which is the least adopted of all biometrics, there is not a lot that an enrolled individual will be needing to do, other than walking into, and around, a given facility. Once their rights and restrictions are registered, most everything that follows is going to be automatic; and when their situation changes, in the time allowed for such differences, the systems will update easily. Both the psychological and sociological implications are addressed here and the new systems can be satisfying both user and human factor concerns, which are paramount to biometric acceptance.
• There are any number of facilities, given the situation in the world today, that need a robust, reliable, accurate and easily deployed biometric system -- which can be implemented without interfering with any other IT security system that may be deployed. The shoes will be bringing forth from the individual 'something they are' by way of unique and identifying behaviors.

Biometrics for information, access and network security is advancing at such a pace that, by the year 2015, analysts predict most organizations and governments around the world will have had a number of reasons to adopt some form of it for an identification/verification system. With all of the features and benefits of the new system, we can be working with the current security methodologies or challenging them. The ultimate aim here is to dominate in specific areas of the IT security field.

< back