Ephemeral Biometrics: What are they and what do they solve?

Abstract

For critical infrastructure facilities, mitigation techniques for insider threats are primarily non-technical in nature and rely heavily on policies/procedures. Traditional access control measures (access cards, biometrics, PIN numbers, etc.) are built on a philosophy of trust that enables those with appropriate permissions to access facilities without additional monitoring or restrictions. Systems based on these measures have three main limitations: 1) access is typically bound to a single authentication occurrence; 2) the authentication factors have little impact against human (insider) threats to security systems; and 3) many of the authentication systems inconvenience end-users. In order to mitigate the aforementioned deficiencies, we propose utilizing the concept of Ephemeral Biometrics to construct strong, persistent authentication protocols.