The potential security benefits of multi-factor/multimodal authentication or access control systems are frequently discussed, but difficult to achieve in practice. In this four-part blog series: Improving Multi-Modal Authentication, I will address ways we can pragmatically move toward enhanced security systems. First, we’ll contemplate a couple of key questions – why your access control system needs intelligent fusion, and why smarter is even better. Next, we’ll cover security challenges associated with access control systems, and how behavioral biometrics can help overcome these hurdles. Lastly, as an example, I’ll take a deep-dive into how a proposed behavioral biometric solution can be configured to leverage additional data in order to deliver smarter identity and security outputs, as part of a multimodal authentication system.
The “More is Better” Approach
We often hear that two is better than one; extrapolating that logic, three or four may be even better…it’s certainly true for scoops of ice cream, and can also be true for multi-factor authentication and access control systems. Let’s expand on the latter (though we could easily argue mint chocolate chip vs. rocky road for days)…if we have a system that grants access based on multiple factors or identifiers, the greater our certainty that we’re granting access to the right person, and ultimately, the happier that will make our infosec teams.
There are several benefits to “more,” as can be seen with using more than one biometric identifier. It increases the accuracy of the overall access control system, and, in the case of continuous monitoring, helps make sure authentication can take place uninterruptedly, even when the user switches between activities or identifying factors. Of course, this concept is not new. Multi-factor authentication is already an established phenomenon – electronic card and password entry being the most common combination – but the ways of combining the relevance or “identity fidelity” provided by those multiple factors are new and improving.
In a multifactor or multimodal authentication system, several identity proxies or biometrics will be used, but all of them lead to one authentication decision. This process of combining available identity factors – fusion – produces additional complications that need to be resolved in order for the “more is better” approach to be worthwhile.
Conventional fusion methods often fail to account for three major issues:
- Varying accuracy of the identifying factors: We don’t want to arithmetically average a very accurate identifier A with a potentially very inaccurate identifier B, as if they were equally reliable.
- Potential correlation in the scoring of factors: Nor do we want to treat all identifiers as completely independent of each other; some may be heavily correlated with others, and thus result in a double-counting effect that skews the results of fusion.
- Operational environment characteristics that may affect accuracy at time of capture: Lastly, it has been found that certain identifiers, such as biometric matchers, perform quite differently depending on the operational environment.
Therefore, the ability to account for significant information about the operational environment into the fusion process will likely enhance the utility of the overall authentication system.
In short – an “intelligent” fusion method that is aware of the operational environment is able to compensate for the issues listed above and enables an effective, robust, “more is better” approach to establishing identity and monitoring access control (and I’ll take that a’ la mode, thanks!).