How Gait Biometrics Bolster the Access Control Industry
Access control is an integral part of any business or facility's security, ensuring that only those with proper authority and credentials gain access. To enhance security measures, many facilities now use 2-Factor or Multi-Factor Authentication (MFA) methods. MFA are often a combination of knowledge (e.g.- PIN code), possession (e.g.- key cards), or inherent (e.g.- biometrics like a fingerprint, facial or retinal scan) factors.
MFA, and the accompanying biometric security industry, has been born out of necessity. Security breaches cost the economy over $600 billion per year. All market-popular methods for access control have previously been breached; PIN codes can be shared, intercepted, or guessed and key cards can be duplicated or lost. Adding further, increasingly difficult-to-duplicate layers of security became imperative.
Biometrics, the newest player in access control, finds appeal by using technology to identify people using unique physical feature— eyes, fingerprints, voices, faces— or behavioral characteristics. However, even these are not entirely secure.
Hand and fingerprint identification, one of the most widely accepted biometrics, has experienced parallel challenges and advancements. Hackers are as innovative as tech inventors, so as security tools evolve, so do the methods for beating them. Masterprints, forged fingerprints, stolen unencrypted fingerprint images, and otherwise exploiting software weaknesses are all ways that hackers have bypassed fingerprint requirements.
Iris and facial scans fall victim to some of the same vulnerabilities; stolen images, poor database protection, and outdated software betray security companies’ best efforts.
A major example of such a breech is the 2011 hack of RSA’s SecurID. Hackers were able to exploit an unpatched security flaw in an outdated version of Adobe Flash, planting a common piece of malicious software on an unwitting Australian employee’s machine. A few short days later, a horrifying number of global customers— including the U.S. Department of Defense— were compromised, RSA was in turmoil, and “the rug [was pulled] out from under the entire world’s model of digital security.”
Although outdated software and determined hackers will continue to be a problem for the industry, gait offers several advantages over previously used biometrics. The following paragraphs describe the competitive edge of gait biometrics when used for access security.
A common vulnerability of most access control systems is tailgating or piggybacking— a physical security breach that occurs when an unauthorized person follows an authorized person into a secured zone. It can be as innocent/accidental as an employee holding the door for who they assume is a colleague, but with serious implications for security contractors.
Existing industry responses to tailgating often include additional layers of physical barriers, such as turnstiles or gates. However, gait biometrics, either pressure-sensitive flooring or motion-capture cameras, can detect multiple individuals entering a secure space with authentication for only one individual, and furthermore, this identification is unobtrusive.
A key feature of most biometrics is that the user must present themselves (e.g., finger, hand, iris, face etc.) to a sensor and be scanned. Gait, on the other hand, is a natural movement that usually takes place when approaching a secure entrance.
Gait biometric measurement devices can be installed so that they are indiscernible to visitors, giving them the advantage of being unobtrusive to authorized parties and hidden to would-be imposters.
Another unique advantage of gait-based access control tech is their ability to perform passive registration. Unlike other biometric technologies, which require formal user registration, gait samples for registration can be acquired silently during initial entries, reducing burden to both the staff and those seeking access.
Virtually Impossible to Mimic
Finally, and most significantly, gait biometrics have the distinct advantage of being virtually impossible to replicate and therefore, steal. Gait is a by-product of a person’s biomechanical makeup; therefore, it cannot be easily mimicked. Although that does not mean that access control systems that utilize gait data are impossible to hack, it does make it exceedingly difficult.
Stepscan Technologies Inc. is the only company producing modular pressure-sensitive flooring large enough to capture the natural movement of multiple subjects simultaneously. The Stepscan System’s algorithms are capable of tracking and differentiating multiple individuals’ gait profiles using real-time streaming of their footprint signatures.
To learn more about the world's first pressure-based gait-authentication system for access control, read here. To hear more about Stepscan's plans to change the security industry, visit the Stepscan Secure website.