
Biometrics Security


Stewart T. Fleming
University of Otago, New Zealand

INTRODUCTION

Information security is concerned with the assurance of confidentiality, integrity, and availability of information in all forms. There are many tools and techniques that can support the management of information security, and systems based on biometrics have evolved to support some aspects of information security. Biometric systems support the facets of identification/authorization, authentication and non-repudiation in information security.

Biometric systems have grown in popularity as a way to provide personal identification. Personal identification is crucially important in many applications, and the upsurge in credit-card fraud and identity theft in recent years indicates that this is an issue of major concern in society. Individual passwords, PIN identification, cued keyword personal questions, or even token-based arrangements all have deficiencies that restrict their applicability in a widely-networked society. The advantage claimed by biometric systems is that they can establish an unbreakable one-on-one correspondence between an individual and a piece of data.

The drawback of biometric systems is their perceived invasiveness and the general risks that can emerge when biometric data is not properly handled. There are good practices that, when followed, can provide the excellent match between data and identity that biometrics promise; when they are not followed, the result can be enormous risks to privacy for an individual.

Biometric Security

Jain et al. (2000) define a biometric security system as “…essentially a pattern-matching system which makes a personal identification by establishing the authenticity of a specific physiological or biological characteristic possessed by the user.” An effective security system combines at least two of the following three elements: “something you have, something you know or something you are” (Schneier, 2000). Biometric data provides the “something you are”—data is acquired from some biological characteristic of an individual. However, biometric data is itself no guarantee of perfect security; a combination of security factors, even a combination of two or more biometric characteristics, is likely to be effective (Jain et al., 1999). Other techniques are needed to combine with biometrics to offer the characteristics of a secure system—confidentiality (privacy), integrity, authentication and non-repudiation (Clarke, 1998).

Biometric data come in several different forms that can be readily acquired, digitized, transmitted, stored, and compared in some biometric authentication device. The personal and extremely sensitive nature of biometric data implies that there are significant privacy and security risks associated with capture, storage, and use (Schneier, 1999).

Biometric data is only one component in wider systems of security. Typical phases of biometric security would include acquisition of data (the biological characteristic), extraction (of a template based on the data), comparison (with another biological characteristic), and storage. The exact design of biometric systems provides a degree of flexibility in how activities of enrollment, authentication, identification, and long-term storage are arranged. Some systems only require storage of the data locally within a biometric device; others require a distributed database that holds many individual biometric samples.

BACKGROUND

Biometric security systems can be divided logically into separate phases of operation: from enrollment of a biometric, through extraction and coding into a template form, to authentication, where a sample acquired from an individual at some time is compared with one enrolled at a previous time. The enrollment and comparison of biometric data are done by some biometric authentication device, and a variety of biometric data can be used as the basis for the authentication. The characteristics of a number of different devices are described, and then the particular risks and issues with these devices are discussed in the main part of this article.

MAIN FOCUS

For a relatively new technology, biometric security has the potential to affect broad sectors of commerce and public society. While there are security benefits and a degree of convenience that can be offered by the use of biometric security, there are also several areas of concern. We examine here the interaction of three main issues—privacy, awareness, and consent—as regards biometric security systems, and we show how these can contribute to risks that can emerge from these systems.

Privacy

There are several aspects to privacy with relation to biometrics. First, there is the necessary invasiveness associated with the acquisition of biometric data itself. Then, there are the wider issues concerned with association of such personal data with the real identity of an individual. Since biometric data can never be revoked, there are concerns about the protection of biometric data in many areas.

A biometric security system should promote the principle of authentication without identification, where possible. That is, rather than identifying an individual first and then determining the level of access that they might have, authentication without identification uses the biometric data in an anonymous fashion to determine access rights. Authentication without identification protects the privacy of the user by allowing individuals to engage in activities that require authentication without revealing their identities.

Such protection can be offered by some technologies that combine biometric authentication with encryption (Bleumer, 1998; Impagliazzo & More, 2003). However, in many situations, more general protection needs to be offered through legislation rather than from any characteristic of the technology itself. Here we find a serious gap between the state of technological and ethical or legal developments.

Legislative protections are widely variable across different jurisdictions. The United Kingdom Data Protection Act (1998), the European Union Data Protection Directive (1995), and the New Zealand Privacy Act (1994) afford protection to biometric data at the same level as personal data. In the United States, the Biometric Identifier Privacy Act in New Jersey has been enacted to provide similar levels of protection. The Online Personal Privacy Act that proposed similar protections for privacy of consumers on the Internet was introduced into the United States Senate (Hollings, 2002; SS2201 Online Personal Privacy Act, 2002) but was not completed during the session; the bill has yet to be reintroduced.

Awareness and Consent

If an individual is unaware that biometric data have been acquired, then they hardly could have given consent for it to be collected and used. Various systems have been proposed (and installed) to capture biometric data without the expressed consent of an individual, or even without informing the individual that such data is being captured. Examples of such systems include the deployment of facial recognition systems linked to crowd-scanning cameras at the Super Bowl in Tampa Bay, Florida (Wired, December 2002) or at various airports (e.g., Logan International Airport, reported in Boston Globe, July 2002). While it would appear from the results of such trials that these forms of biometric data acquisition/matching are not yet effective, awareness that such methods could be deployed is a major concern.

Consent presupposes awareness; however, consent is not such an easy issue to resolve with biometrics. It also presupposes that either the user has some control over how their biometric data are stored and processed, or that some suitable level of protection is afforded to the user within the context of the system. The use of strong encryption to protect biometric data during storage would be a good example of such protection. It is crucial to reach some form of agreement among all parties involved in using the system, both those responsible for authenticating and the individuals being authenticated. If the user has no alternative other than to use the biometric system, can they really be said to consent to use it?

Risks

Biometric devices themselves are susceptible to a variety of attacks. Ratha, Connell & Boyle (2001) list eight possible forms of attack (Table 1) that can be used by a malicious individual to attempt to breach the integrity of a system in different ways.

Uncertainty in the precision of acquiring and comparing biometric data raises risks of different kinds associated with false acceptance and false rejection of biometric credentials. False acceptance has the more significant impact—if a user who has not enrolled biometric data is ever authenticated, this represents a serious breakdown in the security of the overall system. On the other hand, false rejection is more of an inconvenience for the individual—they have correctly enrolled data, but the device has not authenticated them for some reason. The degree of uncertainty varies between devices for the same type of biometric data and between different types of biometrics. Adjusting the degree of uncertainty of measurement allows the designer of a biometric security system to make the appropriate tradeoffs between security and convenience.

Biometrics are not secrets (Schneier, 1999). If biometric data are ever compromised, it raises a significant problem for an individual. If the data are substituted by a malicious individual, then the future transactions involving their credentials are suspect. Biometric data can never be revoked and, hence, should be afforded the highest protection. Fingerprint-based biometrics, for example, are relatively commonly used, and yet fingerprints are easily compromised and can even be stolen without the knowledge of the individual concerned.

The class of attacks noted as spoofing exploits this uncertainty and allows the integrity of a biometric system to be undermined by allowing fake biometric data to be introduced. We examine next how this class of attack can be conducted.

SPOOFING BIOMETRIC SECURITY

Spoofing is a class of attack on a biometric security system where a malicious individual attempts to circumvent the correspondence between the biometric data acquired from an individual and the individual themselves. That is, the malicious individual tries to introduce into a system fake biometric data that does not belong to that individual, at enrollment and/or authentication.

The exact techniques for spoofing vary, depending on the particular type of biometric involved. Typically though, such methods involve the use of some form of prosthetic, such as a fake finger, substitution of a high-resolution image of an iris, a mask, and so forth. The degree of veracity of the prosthetic varies according to the precision of the biometric device being spoofed and the freedom that the attacker has in interacting with the device. It is surprising how relatively simple methods can be successful at circumventing the security of commonly available contemporary biometric devices (Matsumoto, 2002; Thalheim et al., 2002). Reducing the freedom that a potential attacker has via close supervision of interaction with the authentication device may be a solution; incorporation of different security elements into a system is another.

Table 1

• Generic attacks
  • Presentation of a fake biometric (spoofing)
  • Replay attack (pre-recorded biometric data)
  • Interference with biometric feature extraction
  • Interference with template generation
  • Data substitution of biometric in storage
  • Interception of biometric data between device and storage
  • Overriding the final decision to match the biometric data

• Specific attacks
  • Dummy silicone fingers, duplication with and without cooperation (van der Putte and Keuning, 2000)
  • Present a fake fingerprint based on a gelatine mould (Matsumoto, 2002)
  • Present fake biometrics or confuse the biometric scanners for fingerprints, facial recognition and retinal scanners (Thalheim et al., 2002)
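Two of the generic attacks in Table 1, data substitution in storage and replay of pre-recorded data, can be countered with additional security elements. The sketch below is an added example, not part of the original article; `TemplateStore`, `Verifier` and `sensor_respond` are hypothetical names, and it assumes the sensor and verifier share a secret key and that templates are opaque byte strings.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


class TemplateStore:
    """Hypothetical template store; the dict stands in for a database table."""

    def __init__(self, key: bytes):
        self._key = key
        self.rows = {}  # user_id -> (template, tag)

    def enroll(self, user_id: bytes, template: bytes) -> None:
        self.rows[user_id] = (template, _mac(self._key, user_id, template))

    def load(self, user_id: bytes) -> bytes:
        template, tag = self.rows[user_id]
        # The tag binds the template to this user, so a swapped row fails here.
        if not hmac.compare_digest(tag, _mac(self._key, user_id, template)):
            raise ValueError("stored template failed integrity check")
        return template


class Verifier:
    """Issues one-time challenges so a recorded sample cannot be replayed."""

    def __init__(self, sensor_key: bytes):
        self._key = sensor_key
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, sample: bytes, mac: bytes) -> bool:
        if nonce not in self._pending:  # unknown or already used
            return False
        self._pending.discard(nonce)    # single use
        return hmac.compare_digest(mac, _mac(self._key, nonce, sample))


def sensor_respond(sensor_key: bytes, nonce: bytes, sample: bytes) -> bytes:
    """What a sensor holding sensor_key would send alongside the sample."""
    return _mac(sensor_key, nonce, sample)
```

Neither check addresses presentation of a fake biometric at the sensor itself; they protect the path from the sensor onward.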

Two- or even three-factor security systems (those that include two or three of the elements of security from Schneier’s definition) are harder to spoof; hence the current interest in smart cards and embedded authentication systems where biometric authentication is integrated with a device that the individual carries and uses during enrollment and authentication. A wider solution is the notion of a competitive or adversarial approach to verifying manufacturers’ claims and attempting to circumvent biometric security (Matsumoto, 2002). Accepting without verification the claims made by manufacturers regarding false acceptance and false rejection rates, and the degree to which their products can guarantee consideration only of live biometric sources, is risky and can lead to a reduction in overall system integrity.

CONCLUSION

While biometric security systems can offer a high degree of security, they are far from perfect solutions. Sound principles of system engineering are still required to ensure a high level of security rather than the assurance of security coming simply from the inclusion of biometrics in some form.

The risks of compromise of a distributed database of biometrics used in security applications are high, particularly where the privacy of individuals and, hence, non-repudiation and irrevocability are concerned (see Meeks, 2001, for a particularly nasty example). It is possible to remove the need for such distributed databases through the careful application of biometric infrastructure without compromising security.

The influence of biometric technology on society and the potential risks to privacy and threats to identity will require mediation through legislation. For much of the short history of biometrics, the technological developments have been in advance of the ethical or legal ones. Careful consideration of the importance of biometric data and how they should be legally protected is now required on a wider scale.
