Security in the air industry

The following article was written by Mike Taylor, Senior Account Manager BT Retail Brands and Distribution Sector.

Not surprisingly the New York atrocities of 11 September brought about an immediate call for stricter controls and heightened security from many quarters of the air industry. And while industry observers agree that prior to this event there were worryingly huge losses in American airlines overall, it is certainly true that the US tragedies have caused financial havoc in an industry already feeling considerable financial pain.

In a country more used to the rigours of terrorism threats than the States the UK, sadly, is arguably more wise to the necessity for security as an integral part everyday life. The Palace of Westminster bombing for example sent strong messages to a stunned and largely unsuspecting public saying ‘your world is changing, expect the unexpected’. Life would never be the same. The Government responded with plans, policies and committees while the emergency services become proficient in rapid reaction. Clearly, what has emerged from the New York disaster (and indeed from other terrorist incidents involving airliners) is the need for an efficient passenger scrutiny system world-wide which, as far as is reasonably possible, ensures that no undesirable travellers with inappropriate intentions are allowed to board aircraft in the first instance. Experts agree that an effective ramp-up of security must encompass all aspects of air travel including people, airports and baggage/cargo scrutiny and management, a tall order in such a fast moving industry. The need to introduce some electronic authentication process would seem to be high on their agenda. Electronic transactions are becoming an ever-familiar part of everyday life, the explosion of dealing across the Internet perhaps being the strongest example where the buyer and the trader must both conduct an authentication analysis. (It is known that trials are already in hand to test the viability of electronic authentication at Heathrow Airport. So far no results of these test have reached the public sector.) However, at this moment, there are relatively few ways of using wholly electronic interfaces to verify identification: What does exist includes: proof of identity by demonstrating knowledge known only to the individual such as passwords, pin numbers and so on; proof of possession by a unique and unalterable token, such as smart cards and stored personal identifiers; proof of geographical location, by which the person being at a particular location supports process evidence; proof of a distinctive body feature such as facial recognition, the comparison being captured on camera with a previously validated representation and proof by a distinctive measurable action by the individual, such as a analysed electronic signature.

When considering biometrics, (the study of behavioural or physical characteristics as a component in authentication) some physical processes have already been developed. These include: fingerprint analysis; facial recognition; iris scanning, retina scanning hand geometry, while under development are: hand vein patterns, body colouring and lip patterns. Meanwhile, behavioural features include: dynamic signature verification; speech verification and keystroke verification., and under development is gait (movement) recognition.

In all aspects of process authentication it must be born in mind that systems are invariably subjected to miss-use. Passwords are often written down for safekeeping; pass cards are lent to colleagues and so on. A strength of certain biometrics technology is that it checks the individual at the time of verification – not by proxy of that verification. – by using an algorithm which processes the signal that compares the feature under identification and compares it with a standardised representation of the individual’s feature or action. A decision process then determines if the likeness is acceptable and passes the result to the application.

One area which creates immediate problems for the biometrics system designer is that over a period of time there is a gradual yet perceptible change in human features which show up when compared to those held on a verification database. Also, slight changes in light levels, differences in presentation of fingers on a pad can create large discrepancies between the captured data and that held on record on a remote database. Comparison thresholds can be set arbitrarily but there comes a point at which the comparison process is valueless. While iris and fingerprint patterns hold their individual characteristics over many years ageing can dramatically effect skin tissue while body movement (gait) is also age related. Another consideration concerns the in-life cost of installing and running biometrics systems. While early projections and laboratory trials may indicate that a particular process would be fit for purpose and financially viable trials carried out ‘in the field’ can reveal the opposite with high enrolment and supervision costs adding a further dimension.

Using facial recognition the mathematical relationship of facial features can be encoded. The distance between eyes, nose, chin and cheekbones remains constant despite ageing, diet and mood and can only be altered through surgery. Meanwhile, entry to aircraft cockpits can also be controlled by biometrics operation as security protection while work is being done to perfect finger-pad sensitive triggers on guns to ensure that the device will only fire when the finger print pattern on the trigger matches that which is held within the gun.

An alternative is the use of ID cards, which carry a photograph; name, NI number individual physical details (the biometrics details) and medical records, digitised and stored on a silicon chip embedded within the card itself. Additionally, data on the bar code can provide address, credit card, work permit and family details together with – where appropriate – the date of entry into the country. Details are listed on screen when the card is swiped through at check-in. Using biometrics technology fingerprints and voice patterns can be digitised. Using iris recognition, say, the iris pattern is checked against a recognition grid. A digital code is then generated and stored on the ID card and a central database. (Iris scans have been proved to be inaccurate only once in every 2.8 million checks.)

Finally, through data links between airports and banks using biometrics technology it is possible to link details found under evaluation with those held on credit card databases. This could be particularly valuable for frequent flyers while travel agents may well see the value of using biometrics with similar links to finance houses for casual holiday travellers. Moreover, vehicle tracking is well within the scope of modern technology providing the ability to monitor movement around the airport.

An altogether different though nevertheless important issue, which must be considered here, is the area of Personal Data Protection and Social Rights infringements. The possible hurried introduction by the UK Government of identification tags has raised concerns that social freedom is being restricted. (Critics of the identification tag campaign have suggested that since the Police have found it almost impossible to ensure that all drivers carry their driver’s licence when behind the wheel, the enforcement of carrying identification discs would represent an even greater challenge.) However, there is and emerging notion that terrorism is potentially an even greater threat to civil liberty than implementing perceived restrictive security practices.

Within the air industry BT has an almost unparalleled reach in its understanding and grasp of this vastly growing business. As a result of our relationship with CAA for example, BT, as a regulated organisation, have a comprehensive understanding of the structure and mechanism of the air industry culture and it’s key operational drivers and guidelines. Our links with National Air Traffic Services meanwhile has given BT an in-depth picture of land/air communication functionality, the safety critical nature of their business and the future of computerised air traffic management. BT also values it ties with the airlines, whose commercial imperatives are a cornerstone in an increasingly competitive environment, identifying with the need for value-for-money services.

BT count among its valued customers both European and US-based air industry clients, which has given the company valued experience and knowledge, especially in assessing and understanding the future direction of the air industry communications platforms. Equally important is the need to improve efficiency against a background of increasing overheads. BT’s research centre at Adastral Park near Ipswich has huge experience in working in all aspects of security research including physical, electronic and web site technology. As a direct result of the US tragedies, the loss of consumer confidence in air travel linked to an inherent fear of flying has had a dramatic effect reducing passenger numbers. BT would see a consortia being formed comprising key industry organisations to review and agree a considered and effective solution to all aspects of security. This would take the form of a tiered approach with simple yet effective measures put in place during the next 6 – 9 months in time for the 2002 holiday traffic, while a more comprehensive long-term approach will provide the robust solution the industry and the flying public demand. There is of course the matter of ‘who pays? Security of this calibre does not come cheap. A solution must be found, there is no alternative.