Identity-based security

Brian Chiang

Identity-based Security is a type of security that focuses on access to digital information or services based on the authenticated identity of an individual. All in all, it ensures that the users of online platforms are entitled to the information and services that they receive. Identity-based Security can take many forms, including Account Logins, Fingerprinting, or Facial Recognition (1). I will elaborate on each of these forms of online security as well as discuss some of the shortcomings and issues that come with them. 

To start off with, I would like to discuss the historical background of each type of security mentioned previously. The earliest form of Identity-based Security was introduced in the 1960s by computer scientist Fernando Corbató. During this time, Corbató invented computer passwords to prevent users from going through other people’s files, a problem evident in his Compatible Time-Sharing System, a technology that allowed multiple users access to a computer concurrently (2). The introduction of fingerprinting, although not digital when it was first introduced, dates back further than the computer password to the 2nd and 3rd century through King Hammurabi sealing contracts through his fingerprints in ancient Babylon. Evidence of fingerprinting was also discovered in ancient China as a method of identification in official courts and documents. It was introduced to the U.S. during the early 20th century in prison systems as a method of identification and has been used ever since. On the other hand, facial recognition was developed and introduced in the 1960s by American intelligence agencies and the military. 

Account Logins are by far the most common type of Identity-based Security. They are used commonly in online websites such as google.com, facebook.com, and amazon.com. While Account Logins are simple and easy-to-register, they are far perfect. For example, one of the major issues with Account Logins is fact that users often forget their passwords. According to a study conducted by Mastercard and the University of Oxford, a third of consumers abandon checkout due to password issues. While the solution to this problem may be to set the same password for every account, this actually poses serious security risks due to the increased probability of security breach since one breach will result in breaches across all remaining accounts (3).

Fingerprinting biometrics is another type of Identity-based Security that is praised for its security and reliability. The success of this type of security is derived from the fact that every individual has a unique fingerprint that lasts for a lifetime without significant change. Fingerprints are also hard to fake and commonly used by official entities such as the police and the government. While Fingerprinting is considered to be one of the more secure forms of identification security, it does not exist without flaws. For example, the accuracy of Fingerprinting can be compromised by the physical condition of one’s finger through injuries, skin conditions, and displacement on the sensor (4). While difficult, Fingerprint biometrics can also be faked through artificial fingers or a print-out of one’s finger (5).

Last but not least, Facial Recognition is a newer form of Identity-based Security that is commonly used by law enforcement officials. But how exactly does it work? Facial recognition works by capturing an image of a face, then analyzing the distinctiveness of it through facial features such as eye location or distances of facial features from the nose. The computer then converts this information into the database, assigning a “facial identity” for each individual unique to their facial features. Facial Recognition is still considered to be unreliable due to its many technological limitations such as lighting and camera resolution in addition to racial bias. For example, a federal study conducted in 2019 stated that Facial Recognition systems falsely identified Black and Asian faces 10 to 100 times more often than White faces. Although Facial Recognition is far from perfect, it is still utilized by the police to possibly identify criminals in public spaces.

Identity-based security, as discussed in previous paragraphs, takes many forms and is used by both individuals and the government. While none of them are without flaws, their importance in the modern-day world cannot be neglected. As we become more connected to the digital world, we also expose our vulnerabilities to hackers and cybersecurity threats that can only be neutralized by a more secure online security system.

  1. Mohammad Dastbaz, “Emerging Technologies and the Human Rights Challenge of Rapidly Expanding State Surveillance Capacities,” Strategic Intelligence Management: 108-118

  2. Yi Yangm “Empirical Study of Password Strength Meter Design,” 2020 5th International Conference on Communication and Electronics Systems (ICCES), Communication and Electronics Systems (ICCES), 2020 5th International Conference: 436-442

  3. Jessica Schroers, “I Have a Facebook Account, Therefore I Am – Authentication with Social Networks,” International Review of Law, Computers & Technology 33 (2): 211–23

  4. Munish Kumar, "Fingerprint Recognition System: Issues and Challenges,” International Journal for Research in Applied Science & Engineering Technology 6: 556–561

  5. Razak Ali, Media Abdul, "Design of an Online Authentication Protocol Using Both Fingerprint Identification and Identity Based Cryptography," Al-Nahrain Journal for Engineering Sciences 14: 199–204