Biometrics and digital forensics: Cyber security connections

Most of us are familiar with biometrics, which is the use of fingerprints and other biologically derived data to specifically identify us as the unique people we are. We use biometrics to identify criminals, or to exonerate those falsely accused.

Traditionally, we have relied upon the unique pattern of fingerprints. As technology has advanced, we have been able to use other biometrics for identification.

Today, many advanced security systems rely on a retinal scan to identify patterns of veins in the back of the eye that also provide a unique identification pattern. Iris recognition has also become a popular identification means relying on the individual patterns and features found within the iris itself to provide a unique signature.

As the use of technology increases, so too does crime and terrorism. However, the increased use of technology also provides us an opportunity to derive new biometric and digital signatures to pursue those who engage in criminal and terrorist activities, as each electronic device has its own unique digital signature. Human interaction with our digital world also provides us with some interesting new digital biometrics.

Facial recognition has been one of the earliest and most popularly studied computer biometric applications and has remained so over the past 50 years.

While the initial attempts to explore facial recognition were made in the 1960s, it wasn't until Sirovich and Kirby developed the methodology for facial recognition in 1987, and Mathew Turk and Alex Pentland implemented the “eigenfaces algorithm” in 1981 that we could successfully use this method of identification.

Each of our faces is common in many respects but also unique in particular aspects, even among identical twins. If we can identify those general values, we can focus on facial scans for facial recognition, which rely upon the use of “eigenfaces” or local feature analysis to compose an a image.

“Eigenface” is a term derived from “eigenvalues” and “eigenvectors,” which exist in pairs and refer to the “vectors” or directions of values that provide the largest “variance” or difference in a set of data points.

By employing a process known as principal component analysis to a large group of human face images, we can generate a set of generalised eigenfaces.

These eigenfaces represent a set of standardised facial features, which can be combined in various ways to generate an approximation of specific individual faces. Since these eigenfaces are stored as a list of general values, rather than specific pixels of a digital photograph, storage space is significantly reduced.

The way we move and interact with our electronic devices also provides a unique form of identification. Studies have shown that the way we swipe our smartphones or the amounts of pressure we apply to computer and tablet keypads all are specific to us and provide a unique way of identifying exactly who is using a device. Even the way we carry and hold our devices provide interesting clues as to the identity of the users.

Digital forensics is an expanding branch of forensic science and it involves recovery and investigation of material found in devices in relation to cyber or other crimes. As more research is conducted, and as technology becomes more available and affordable so too will the methods of digital forensics expand.

Our computers, mobile phones, tablets, personal digital assistants (PDA), compact disks, digital camera flash cards and flash drives, and every electronic device capable of information storage can be a source of digital evidence.

This digital evidence is now used to prosecute all types of crimes, not just cyber or electronic crimes (e-crimes). A suspect’s e-mail or mobile phone files could potentially contain critical evidence regarding the suspect’s intent to commit a crime, their whereabouts during the crime, or their relationships to the victims.

The United States’ National Institute of Justice (NIJ) and the National Institute of Standards and Technology (NIST) provide the National Software Reference Library (NSRL) to promote efficient and effective use of computer technology in the investigation of crimes involving computers.

This programme collects software from various sources and incorporates file profiles computed from the software into a Reference Data Set (RDS) of information.

Matching file profiles
Law enforcement, government and industry organisations can then use the RDS to review files on a computer by matching file profiles with digital signatures of known, traceable software applications.

Within the application, hash values in the hash set are applications which may be considered malicious, including steganography tools and hacking scripts.

Digital steganography is a method of concealing files, messages, images or video within another file, message, image or video. We are probably most familiar with steganography in the form of invisible inks used to hide messages between visible lines of and open or private letter.

The obvious advantage of steganography is that an intended, secret message does not attract attention, and can be openly transmitted, then decoded by the receiver.

Digital forensics can also help us unravel crimes involving document forgeries and counterfeiting which can be a direct accessory to criminal and terrorist acts. We are all familiar with the different techniques used to identify authentic bank notes, such as paper watermarks, security fibres, holograms, or special inks.

However, these security techniques can be cost prohibitive. Methodologies are currently under development to enable forensics experts to identify a variety of specific inks used in forging documents, as well as identify the “digital signatures” of the printing devices themselves.

As the future “Internet of Things” expands and connects us through the use of embedded computer chips with a multitude of mechanical devices, the use of biometrics and digital forensics will become an even more important element in our fight against criminal and terrorist activities.

(Iyengar is a distinguished Ryder Professor and Director, School of Computing and Information Sciences, Miami; Miller has been with US Air Force for over two decades and is Coordinator, Discovery Lab, Florida International University)