BIOMETRIC SECURITY - HOW SAFE ARE WE REALLY?

 

Biometric authentication uses some part of your physical characteristic to authenticate against (Rountree, 2013). Biometric systems are becoming one of the most popular forms of security validation. This is partially because password authentication has become so much easier to compromise and to hack. Fingerprint authentication is seen as the most secure and most accurate form of biometrics (Idemia, 2021). Iris recognition is a close second in accuracy and security. Facial recognition, because of convenience, is a runner up on security and ease of use. One of the most popular forms of biometric systems that we use today is the facial or fingerprint authentication used to unlock our phones.

Most people do not know the schematics behind biometric systems authentication. Initially, during a process known as enrollment, biometrics are collected in the form of fingerprints, facial or iris scans, or even voice patterns are collected from an individual. In facial recognition systems, the system takes different facial features, processes them, and converts them into numerical data (OneLogin, n.d.). When the user attempts to login, the system recaptures their face, extracts the numerical data, and finally compares it against what is store in the database. In essence, a user is not actually being authenticated against themselves, but ultimately are authenticating against the value stored in the database during the enrollment process. This process does make it more difficult to spoof or hack, but is not 100% foolproof.

Cyber criminals have found ways to spoof biometric data and in turn, gain unauthorized access to systems. A few of the ways that hackers spoof biometric data is by downloading or printing a person’s photo, using a fake silicone fingerprint, using a 3D mask, or even altering the values stored in the biometric database (OneLogin, n.d.). Additionally, smart phone fingerprint scanners often use partial matches, allowing the possibility for hackers to create “master prints” that match the partial prints of many users, in turn granting access to a number of user accounts.

In my experience working with biometrics, I have personally observed how poor data entry during the enrollment process can lead to misidentification. For example the index fingerprint could be collected and stored in the database but labeled as the thumb print, a name could be misspelled, or data could be entered into the wrong text box, etc. These are all forms of misinformation and could later confuse the system into not granting an authorized person access to the resource, or not properly identifying a person. This type of data collection uses a database, so if the search criterion is not thorough enough or if it is looking for exact matches, a lot of misidentifications could occur, all due to poor data collection.

As with computer authentication, one way to make the biometric authentication more secure is to enable multimodal biometric authentication (OneLogin, n.d.). This means instead of a simple facial recognition, the system would require a secondary biometric authentication, like a fingerprint. In this scenario, someone trying to hack the system would have to fool the system two times, which makes it a much more complex thing to do. One negative aspect about biometric authentication is, although it is more secured, in comparison to non-biometric authentication systems, it is more costly to implement.

 

References

One Identity. (n.d.). Biometric authentication: Good, bad, & ugly: OneLogin. One Login. Retrieved March 29, 2022, from https://www.onelogin.com/learn/biometric-authentication

Rountree, D. (2013). Biometric authentication. Biometric Authentication - an overview. Retrieved March 29, 2022, from https://www.sciencedirect.com/topics/computer-science/biometric-authentication#:~:text=Biometric%20authentication%20involves%20using%20some,multiple%20characteristics%20could%20be%20used.

Ten facts you didn't know about biometrics in 2019. IDEMIA. (2021, May 6). Retrieved March 29, 2022, from https://www.idemia.com/news/ten-facts-you-didnt-know-about-biometrics-2019-2019-06-25