Network access made simple, secure
- By Dan Verton
- Apr 03, 2000
As part of its multifaceted network security strategy, the Army is studying
the ethical and legal implications of replacing personal passwords with
devices that can read fingerprints, recognize voices and faces, and capture
a host of other personal biometric information.
Recently anointed as the Defense Department's executive agent for biometrics
research and development, the Army has created a biometrics security office
under the tutelage of Phillip Loranger, formerly the chief of the Command
and Control Protect Division within the Army's Information Assurance Office.
The Army has taken the lead in researching and developing biometric
security solutions that Loranger said will fill one of the most common network
security gaps: personal passwords.
"Passwords are cool, but passwords are the way we get into systems,"
said Loranger, speaking recently at the annual Army Directors of Information
Management Conference. Loranger demonstrated how easy it is for hackers
to crack password files and gain entry into Army networks.
"Passwords are not you. Biometrics is you," Loranger said. "This is
your finger and no one else's."
The term biometrics refers to the ability to scan and capture a digital
image of a unique human characteristic, such as a fingerprint, and compare
that captured image to a stored image that has been previously determined
to belong to an authorized user. Biometrics can be used in security applications
because qualities such as fingerprints and voice sound waves are unique
to each person.
Congress kick-started the Army's biometrics program when it added $15
million to the service's fiscal 2000 budget. Although the service will need
additional funding for the program this year, prices for biometric verifiers
have fallen drastically.
According to a recent study by Eric Bowman of Identix Corp., the average
price per access point was less than $500, compared with more than $6,000
six years ago. Voice signature verifiers on average cost about $1,000,
while fingerprint and hand geometry devices range from $300 to $1,200, according
The Army plans to study a wide range of biometric security solutions
to meet its network access and authentication challenge. Initial research
will be conducted on fingerprint, iris, voice and face identification, retina
scanning, handwriting and keystroke analysis, wrist-vein recognition, and
finger and hand geometry.
But initial plans call for the biometrics solutions to be used in conjunction
with a wide array of traditional security technologies, including firewalls
The concern is that one technology cannot provide foolproof assurance
and personnel authentication. For example, one of the challenges facing
the biometrics program is to determine how to differentiate between the
fingerprint of a living human being and from one that is severed — a potential
problem in the reality of the battlefield.
"We believe we need a combination of technology," said Lt. Gen. William
Campbell, director of information systems for Command, Control, Communications
and Computers, who characterized the Pentagon's Non-secure Internet Protocol
Routing Network as "horribly, horribly vulnerable."
The Defense Department's focus on biometrics may be expanding before
it begins. The Defense Advanced Research Proj-ects Agency, for example,
recently began a program known as Human Identification at a Distance, which
seeks to use biometrics to identify not only facial characteristics but
also behaviors. According to Loranger, the goal is to reach the point where
a computer can recognize its owner and turn itself on.