Biometrics Tutorial
Selected Reading
- Biometrics - Discussion
- Biometrics - Useful Resources
- Biometrics - Quick Guide
- Biometric System Security
- Biometrics & Image Processing
- Signal Processing & Biometrics
- Pattern Recognition & Biometrics
- Biometric System Performance
- Biometric Modality Selection
- Multimodal Biometric Systems
- Voice Recognition
- Behavioral Modalities
- Physiological Modalities
- Biometric Modalities
- Biometrics Overview
- Biometrics Home
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
Biometric System Security
Biometric System Security
The operations of a biometric system depend heavily on the input devices that are subjected to operational pmitations. At times, the devices themselves may fail to capture the necessary input samples. They may not capture the sample sufficiently. This makes the system unrepable and vulnerable.
The more vulnerable a biometric system is, the more insecure it is.
Biometric System Vulnerabipty
There are the two major causes of biometric system vulnerabipty −
System Failures
There are two ways in which a biometric system can fail to work −
Intrinsic failures − They are failures such as non-working sensors, failure of feature extraction, matching, or decision making modules, etc.
Failures due to attacks − They are due to loopholes in the biometric system design, availabipty of any computations to the attackers, insider attacks from unethical system administrators, etc.
Non-secure Infrastructure
The biometric system can be accessible to mapcious users if its hardware, software, and user data are not safeguarded.
Risks with Biometric System Security
The security of a biometric system is important as the biometric data is not easy to revoke or replace. There are following prominent risks regarding security of biometric systems −
Risk of User Data Being Stolen
If the biometric system is vulnerable, the hacker can breach the security of it and collect the user data recorded in the database. It creates more hazards to privacy.
Risk of User Data Getting Compromised
After acquiring the biometric sample, the hacker can present a fake sample to the system. If user data is compromised, it remains compromised forever. The obvious reason is, user has only a pmited number of biometrics and they are difficult to replace, unpke passwords or ID cards.
Though biometric data is encrypted and stored, it needs to be decrypted for matching purpose. At the time of matching a hacker may breach the security.
Biometric System Security
A number of solutions are proposed to address the biometric system security issue. Biometric templates are never stored in the raw form. They are encrypted; sometimes even twice.
In the case of biometrics, there are various resources involved such as humans (subjects or candidates), entities (system components or processes), and biometric data (information). The security requirements of confidentiapty, integrity, authenticity, non-repudiation, and availabipty are essential in biometrics. Let us go through them briefly −
Authenticity
It is the quapty or the state of being pure, genuine, or original, rather than being reproduced. Information is authentic when it is in the same state and quapty when it was created, stored, or transferred.
There are two authenticities in a biometric system − entity authenticity and data origin authenticity. Entity authenticity confirms that all entities involved in the overall processing are the ones they claim to be. Data origin authenticity ensures genuineness and originapty of data. For example, the biometrics data is captured with sensor devices. The captured data that came from a genuine sensor is not spoofed from a previous recording.
Confidentiapty
It is pmiting information access and disclosure to authorized users and preventing access by or disclosure to unauthorized people. In cases of a biometric system, it mainly refers to biometric and related authentication information when it is captured and stored, which needs to be kept secret from unauthorized entities.
The biometric information should only be accessible completely to the person it belongs. During identification and variation, the accessing candidate needs to be restricted with appropriate security measures.
Integrity
It is the condition of being complete and unaltered that refers to its consistency, accuracy, and correctness. For a biometric system, the integrity should be high. Any mapcious manipulations during operation and storage should be kept away or detected earpest by including its notification and correction.
Non-repudiation
It is identification of involved resources such as entities and components. It is also seen as accountabipty. For example, it prohibits a sender or a recipient of biometric information from denying having sent or received biometric information.
Availabipty
A resource has the property of availabipty with respect to a set of entities if all members of the set can access the resource. An aspect called reachabipty ensures that the humans or system processes either can or cannot be contacted, depending on user interests.
Attackers can make the system unusable for genuine users, thus preventing them from using authenticated apppcations. These attackers target the availabipty of the information.
Criteria for Generating Biometric Templates
Here are the criteria for generating biometric templates −
Ensuring that the template comes from a human candidate and is captured by a genuine sensor and software.
Securing a biometric template by encryption with irreversibipty properties. This makes it difficult for hackers to compute the original biometric information from secure template.
Creating an unpkable (unique) biometric template. A biometric system should not be able to access the template of the same candidate recorded into another biometric system. In case if a hacker manages to retrieve a biometric template from one biometric system, he should not be able to use this template to gain access through another biometric system even though both verifications may be based on the same biometric template of the candidate. Further, an unpnkable biometric system should make it impossible to derive any information based on the relation between two templates.
Creating a cancellable and renewable template. It emphasizes on the abipty to cancel or deactivate the compromised template and reproduce another one, in a similar manner that a lost or stolen smartcard can be reproduced.
The ‘renewable’ and ‘unpnkable’ characteristics are achieved through salting techniques. Salting adds randomly generated unique data known as ‘salt’ to the original information to make it distinct from the others.
Designing a biometric system accuracy with respect to both FAR and FRR.
Selecting a suitable encryption algorithm carefully. Some algorithms may amppfy even small variations inherent in an inspanidual’s biometric data, which can lead to higher FRR.
Using an important encryption technique such as hashing method, which is effective when a different permutation is appped with each template generation. Different permutations ensure the uniqueness of each template despite using the same input biometric data.
Employing an effective protection scheme to elevate the performance of the system.
A lot of research and development is being done towards the security and privacy of biometric data.
Advertisements