Circumventing the limitations of Biometric Systems

Biometrics offers multiple usability advantages over traditional based authentication techniques, but raises privacy and security concerns. However, when traditional authentication methods are compromised can be replaced while biometrics is permanently associated with a user and cannot be replaced. Advanced biometrics research has been conducted by many research groups world-wide to circumvent the limitations of biometrics. The aim of the research is to utilise the positive characteristics of traditional authentication methods by using advanced mathematical models to produce biometric template which can be cancelled and be revoked like a password which is unique to every application. Instead of storing the original biometric, advanced mathematical models are applied to transform the original biometric into a unique domain. The transformed biometric and the advanced transforming mathematical model are either stored on a smart card or centrally in a database. The model preserves privacy because it is not possible or computationally very hard to recover the original biometric template. In an unfortunate situation where a user’s biometric has been compromised, the followings steps can be taken:

  • Simply re-enrol the user using another advanced mathematical model and thus providing revocability.
  • The model prevents cross-matching between the databases as each application applying the same biometric uses a different advanced transformation model.
  • Biometric feature representation is not changed by the advanced mathematical models. This allow the use of standard biometric discriminating feature extraction and matching algorithms.

In summary, cancellable biometric scheme offers the following:

  • Diversity: Different applications must use different advanced models to transform the original biometric and thus resulting in a large number of protected templates from same biometric feature is required.
  • Revocability: Cancellable biometrics simplifies the process for revocation and reissue in the event of compromise.
  • Non-invertible: Cancellable biometrics prevents the original biometric from been recovered from the template.
  • Performance: The performance of the biometric systems is not impacted by the advanced models and hence the performance of the system does not deteriorate.

For more information on the solution from Biometric Research Laboratory, BRL, we refer all reader to the book published by our senior researcher title “Secure Biometric Face Recognition: A Case Study for Non-Reversible and Cancellable Biometric Transforms”.

More information on the implementation of biometrics based solutions can be requested from info@namibiabiometricsystems.com.

What you didn’t know about Biometrics: System Limitations

Securing biometric information and ensuring the privacy of personal identities is a growing concern in today’s society. Our previous articles have highlighted the limitations of tradition authentication schemes. Traditional authentication schemes mainly utilize tokens or depend on some secret knowledge possessed by the user for verifying his or her identity. These traditional based techniques have been very popular and have several limitations. Traditional based approaches such as token and knowledge-based approaches cannot differentiate between an authorized user and a person having access to the tokens or passwords. Knowledge-based authentication systems require user to remember and manage multiple passwords/pin numbers which results in user inconvenience. The limitations of traditional authentication methods can easily be overcome by biometrics-based authentication schemes using fingerprints, face recognition, etc., while offering usability advantages such as user convenience as the user does not have to remember multiple passwords and their associated cards. It is likely that most people who hold more than one bank card have mixed up their pin numbers. However, despite its obvious advantages, the use of biometrics raises several security and privacy concerns as outlined below:

Biometrics is authentic but not secret: Unlike passwords and cryptographic keys that are known only to the user, biometrics such as voice, face, signature, and even fingerprints can be easily recorded and potentially misused without the user’s consent. There have been several instances where artificial fingerprints [14] have been used to circumvent biometric security

Biometrics is taking the Military by storm, both as a tool to fight war on the battlefield and as a way for efficient business practices. Biometrics is now becoming an integral part of a soldier’s mission, allowing troops to identify potential threats and confirm the link between name and face.

Biometrics can enable the Military to achieve the followings:

  • To identify an individual and associate that individual with certain actions.
  • To identify individuals’ associates and their activities or what they have been involved in.
  • To link events such as an improvised explosive device at one place and another and to assist build a picture of what has happened.

The modern warfare takes place in urban environments, unlike conventional warfare where the two sides face each other on the battlefield using weapons against each other. The Military needs to re-think how to approach warfare.

In the event that improvised explosive devices would be discovered by the Military at various locations, the Military could take the following actions:

  • Enrol the Fingerprints found on the improved explosive devices into the database. Record vital information such as location, number of prints etc.
  • Search for a match against available criminal database. If a match is found, then they know the perpetrators.
  • If a match is not found, the Military can set up operations within the area where live biometric samples are obtained from individuals and compared against the stored fingerprints found on the improvised explosive devices.

Biometrics can be used in an effort to combat insurgent forces interspersed within an indigenous population. Therefore biometric identification and tracking of individuals becomes a core mission in such a war.

In addition to the above, the Military can use biometrics in its own facilities as a type of universal access: every member of the Military, their families and civilian employees have a common access identification card that is embedded with their fingerprints.

For example:

  • Use biometric technology to clear veterans who are receiving treatment at the veteran’s clinic for access to the base hospital.
  • Use biometric technology to provide keyless entry to sensitive areas.
  • Use biometric technology to confirm identities as they board foreign ships.

 

More information on the implementation of biometrics based solutions can be requested from info@namibiabiometricsystems.com

Biometric System Limitations

Securing biometric information and ensuring the privacy of personal identities is a growing concern in today’s society. Our previous articles have highlighted the limitations of tradition authentication schemes. Traditional authentication schemes mainly utilize tokens or depend on some secret knowledge possessed by the user for verifying his or her identity. These traditional based techniques have been very popular and have several limitations. Traditional based approaches such as token and knowledge-based approaches cannot differentiate between an authorized user and a person having access to the tokens or passwords. Knowledge-based authentication systems require user to remember and manage multiple passwords/pin numbers which results in user inconvenience. The limitations of traditional authentication methods can easily be overcome by biometrics-based authentication schemes using fingerprints, face recognition, etc., while offering usability advantages such as user convenience as the user does not have to remember multiple passwords and their associated cards. It is likely that most people who have more than one bank card have mixed up their pin numbers. However, despite all the obvious advantages, researchers at the Biometric Research laboratory, BRL, within Namibia Biometric Systems are keen to raise several security and privacy concerns as outlined below:

Biometrics is not a secret: Unlike passwords and cryptographic keys that are known only to the user, biometrics such as face and fingerprints can easily be recorded and potentially misused without the user’s consent by biometrics experts. Our researchers at BRL are keen to outline that there have been several instances where artificial fingerprints have been used to circumvent biometric security systems. Face and voice biometrics are similarly vulnerable to being captured without the user’s explicit knowledge. In contrast, tokens and knowledge have to be willingly shared by the user to be compromised.

Biometrics cannot be cancelled: Passwords, PINs, etc., can be reset if compromised. What about your biometrics? It is clear that tokens such as credit cards can be replaced if stolen. However, biometrics are permanently associated with the user and cannot be replaced if compromised.

Compromised biometrics: Biometrics provides usability advantages since it obviates the need to remember and manage multiple passwords. However, this also means that if a biometric is compromised in one application, essentially all applications where the particular biometric is used are compromised.

Tracking: It is likely that the same biometric might be used for various applications and locations, the user can potentially be tracked if organizations collude and share their respective biometric databases While traditional authentication schemes requires the user to maintain different identities to prevent tracking. The fact that a biometric remains the same presents a privacy concern.

To circumvent the limitations of biometrics, researchers at BRL published a book titled “Secure Biometric Face Recognition: A Case Study for Non-Reversible and Cancellable Biometric Transforms” which is available on Amazon. The next article will provide a high level solution to the limitations of Biometrics.

More information on the implementation of biometrics based solutions can be requested from info@namibiabiometricsystems.com.