In addition to the stability, scalability and extensibility of its architecture, cloud platform have made it possible for workflows across government to become more pervasive and secure as a result [4]. The TCO of a given cloud platform or series of applications therefore has continued to become reduced by the experience effect (comparable to economies of scale yet only applied to data aggregated and knowledge creation) across government [6]. This experience effect is being driven by the pervasive piloting of APIs and the development of shared resource programs that enable greater accuracy and speed of response to share security threats across departments of homeland security, departments, and ministries of defence globally [9].
The flexibility and agility of APIs are also the catalyst for Infrastructure-as-a-Service (IaaS) secured platforms that are biometrics device agnostic. That is to say they rely only on the API-based interface to the device, not the actual commands to operate them. This has drastically reduced the cost and time-to-value for biometrics systems globally, and has reduced TCO drastically as well.
The Biometrics APIs that hold together the Cloud Computing Infrastructure shown in Figure 1 also have specific implications on the Platform-as-a-Service (PaaS) layer of the model as well, as this layer deals with integration to legacy systems [8].
Being able to connect with and use the various legacy systems through biometrics-driven APis and peripheral devices can drastically reduce the threat of a system being hacked or compromised [9].
This area middle layer of the Cloud Computing Infrastructure is the most vulnerable due to the proliferation of standards, both from industry organizations including W3C and IEEE, and the many government standards continue to focus on this most vulnerable aspect of deployment cloud computing technologies [7] .
Standards including ISO/IEC 19784-1, ISO/IEC 24708, and ISO 27001 programming standards that homeland security and defence departments must adhere to mitigate risks of security breaches at this level of the could computing infrastructure model [7].
All of these factors have been included in a series of API requirements that enable integration of each layer of the Cloud Computing Infrastructure [8]. This is particularly relevant in the PaaS layer of the cloud-computing infrastructure, where security to the API level needs to be achieved while at the same time delivering pervasive support for the burgeoning number of biometric systems [2] in development and use today to support role-based access of sensitive data [6]. Integrating the biometrics API into the PaaS layer is also critically important for supporting identity verification and authorization technologies including iris scans, facial recognition, palm and retina scanning, in fingerprint identification and analysis which vary across devices in terms of their implementation and device-level support [10]. Homeland security and defence organizations choosing to deploy a range of technologies face the daunting task of ensuring integration to identification databases on the one hand and to the actual scanning device on the other are secured and cannot be compromised [9]. For many homeland security and defence organizations however, the reliance on role-based access across their organization has become a requirement [9]. Role-based authentication necessitates the use of multiple identification technologies, each requiring integration to a tertiary and often legacy databases, while also requiring integration to the actual device through APIs. The PaaS layer is then by default the weakest link in the security strategy of any cloud computing infrastructure.
Figure 1. Traversing Cloud Computing Architectures using Biometrics APIs
3.
Evaluating Role-based Biometric Use in Cloud Computing Environments
3.1 Biometric Characteristics
Superior to authentication through credentials or licenses, biometric-based authentication share a common trait of being able to identify a person by their behavioural and physiological attributes [10]. Biometric technologies can thus be used to define group-based permissions based on roles that are cross-referenced by physiological attributes [6]. This leads to availability of security protocols for homeland security and defence organizations, where entire groups can be defined for access to specific areas, for example in a branch of the military needing access to a supply chain centre [10]. All biometric technologies share the attributes of universality, uniqueness, permanence, and collectability [1]. All four of these criteria must be met for a biometrics system to be effectively used for monitoring, granting or refusing access to assets, both information and location-based [2]. From a SaaS standpoint, the integration of various biometrics technologies must be in compliance to industry and government requirements [7] if the databases accessed at the IaaS layer of the...
The most challenging aspect of biometric implementation through SaaS however is securing the queries to the authentication, biometrics, and identity management databases integrated at the IaaS layer of the cloud infrastructure [5]. Please see Table 4.1, Comparing Biometric Technologies. There is a correlation between cost and susceptibility, as the higher the cost to implement the less the susceptibility of the technology to circumvention [10]. To compensate for this fact, system use requirements are critical for the secure use of biometrics in homeland security and defence applications. The next section discusses these system use requirements.
3.2 System Use Requirements for Role-based Biometrics
Simply put role-based biometrics are the collection of strategies and initiatives for getting the best possible information and systems to those in need of it, by role and responsibility level throughout defence and homeland security agencies. Role-based biometrics break down tasks into processes so that information can be delivered to the right person and the right time to make the best possible decision.
Search criteria that can be stored and used as the basis of linguistic modelling and latent semantic indexing (LSI) of content to increase search performance. The use of biometrics APIs for search has been piloted [9] and continues to be developed that includes LSI-based technologies. The secured search platform requirements are defined to streamline access to the Cloud Computing Infrastructure without compromising all system integration points and connections.
Authentication through multiple biometric-based APIs for biometric technologies and secured integration points at the IaaS level [10].
Support for search and user taxonomy and ontological development to increase system performance, augment learning of homeland security, and defence requirements over time [1].
Creation of role-based logins and support for analytics to evaluate overall system and search match performance over time are essential components in the overall development of these biometrics-based systems using the common set of APIs [9].
Creation of secured search engine functionality that is both textual and graphical in nature through secured biometrics API connections [5].
4. Tables
4.1 Comparison of Biometric Technologies
The following table analyses biometric technologies and evaluates them on a series of criteria including accuracy, ease of use, and susceptibility.
Table 4.1: Comparing Biometric Technologies
Sources: based on analysis of the following [1] [2] [5]
Conclusion
The emergence of cloud computing platforms and infrastructures has significant implications for security for both defence and homeland security departments and ministries globally. Standards and APIs that have been mentioned in this analysis are applicable across all departments and nations implementing biometrics through the use of the cloud platform. The development of and continual refinement to biometrics-based software applications is also changing how defence and homeland security departments manage their organizations. Role-based access to biometrics-based data changes the overall efficiency and focus of defence and homeland security departments, as it provides the right information at the right time to the groups and individuals who need to use it the most to accomplish their objectives.
References
[1]
Bayly, D., M. Castro, A. Arakala, J. Jeffers, and K. Horadam. "Fractional biometrics: safeguarding privacy in biometric applications. " International Journal of Information Security 9.1 (2010): 69.
[2]
Sereguei Boukhonine, Vlad Krotov, and Barry Rupert. "Future Security Approaches and Biometrics. " Communications of the Association for Information Systems 16.(2005): 1.
[3]
Katzan, H.. "On The Privacy Of Cloud Computing. " International Journal of Management and Information Systems 14.2 (2010): 1-12.
[4]
Louridas, P.. "Up in the Air: Moving Your Applications to the Cloud. " IEEE Software 27.4 (2010): 6
[5]
Owens, D.. "Securing Elasticity in the Cloud. " Association for Computing Machinery. Communications of the ACM 53.6 (2010): 46.
[6]
Mohammad Peyravian, Stephen M. Matyas, Allen Roginsky, and Nevenko Zunic. "Multiparty biometric-based authentication. " Computers & Security 19.4 (2000): 369.
[7]
Quicke, S.. "Standards needed to drive biometrics. " MicroScope 24 Sep.
2007
[8]
Truong, D.. "How Cloud Computing Enhances Competitive Advantages: A Research Model for Small Businesses. " The Business Review, Cambridge 15.1 (2010): 59-65.
[9]
Wein, L.. "Homeland Security: From Mathematical Models to…
