Stolen fingerprints could spell the end of biometric security – here’s how to save it

 

On the other hand, increasing awareness with the spread of internet, people are getting aware about the strengths as well as shortcomings and risk associated with this technology. In the recent biometric data breach, more than 1m people had their fingerprints, facial recognition data, face photos, usernames and passwords revealed. It was also discovered that outsiders could replace biometric records in the database with their own details, exposing another way to overcome the security checks.

Thus fingerprint biometrics provides a higher confidence in the identity verification process and helps to create user accountability. Employee identification and workforce management becomes faster, accurate and more efficient with fingerprint technology.

Unlike magnetic strip cards or passwords, individuals always carry their fingerprints with them and they cannot be lost or forgotten. Tracking attendance of employees in manufacturing organizations prevents employee time theft and reduces fraudulent behavior. A biometric system enables automated calculation of employee hours thus reducing paper wastage and time spent in manual reconciliation of attendance data.

Biometric technology is not new and its utilization has turned out to be progressively prevalent than most people imagined. It could be interpreted that biometrics offers a high level of detection and security operations that have a lot of advantages over conventional methods. The advantages that biometrics provides are that the information is distinctive for every person and it can utilized as a technique for individual identification. The top benefits of Biometric technology are authentication, privacy or data discretion, authorization or access control, data veracity, and non-repudiation.

Recent revelations of government mass surveillance programs like Prism and XKeyscore, have made people sceptical about government intentions of usage of their biometric data. Despite the negative impacts of technology, it cannot be separated from society. Technology empowers society and adoption of technology by society empowers technology in return. Biometric data security is another concern that negatively impacts adoption of biometrics in society. With increasing numbers of data breaches year by year, people are afraid what if hackers steal their biometric data.

In the first step, reference models for all the users are generated and stored in the model database. In the second step, some samples are matched with reference models to generate the genuine and impostor scores and calculate the threshold.

Like other technologies, biometrics has also impacted society; however, impact of biometrics cannot be entirely compared with other forms of technological adoption. Biometrics leverages personally identifiable biological patterns of human being to uniquely identify them. Fingerprints and some other forms of recognition have been largely used in forensics and law enforcement for more than 100 years. Association of biometrics with forensics and law enforcement makes people sceptical as capturing fingerprints or other biological patterns were only limited to criminals and anti-social elements in the past.

The report said facial recognition records, fingerprints, log data, and personal information of over a million people had been found on a publicly accessible database. Soft biometrics traits are physical, behavioral or adhered human characteristics that have been derived from the way human beings normally distinguish their peers (e.g. height, gender, hair color). They are used to complement the identity information provided by the primary biometric identifiers.

Designing a Biometric Initiative

Fingerprint systems are automated and are able to provide concrete audit trails of individual check-in and check-out times. Any transaction performed by an individual is accurately and securely linked to the correct individual and there is absolutely no possibility of fraud.

How secure is biometrics?

Privacy principle: Personal information should only be used for the purpose for which it was collected. In biometrics, the potential for multiple uses stems from the fact that some characteristics, such as fingerprints, are relatively permanent and highly distinctive.

More traditional means of access control include token-based identification systems, such as a driver’s license or passport, and knowledge-based identification systems, such as a password or personal identification number. Instead of using something you have (like a key) or something you know (like a password), biometrics uses who you are to identify you. Biometrics can use physical characteristics, like your face, fingerprints, irises or veins, or behavioral characteristics like your voice, handwriting or typing rhythm. Unlike keys and passwords, your personal traits are extremely difficult to lose or forget.

The automated identification or verification of individuals based on their unique physiological or behavioural characteristics such as fingerprints, gait, iris etc. is referred to as biometric authentication. The concept of fingerprint biometrics has been in existence for thousands of years. Potters from East Asia used to place their fingerprints on clay as it cured.

Since biometrics of a person cannot be changed if compromised, fear of losing biometric data holds back social acceptance of this technology. Once they are used to this technology, they expect identification or authentication to be at least biometric-fast or better. Going back to older methods will be like asking to write a letter when you are so used to sending emails. There is a constant tug-off-war between privacy advocates and biometric technology firms.

  • It could be interpreted that biometrics offers a high level of detection and security operations that have a lot of advantages over conventional methods.
  • Biometric technology is not new and its utilization has turned out to be progressively prevalent than most people imagined.
  • The advantages that biometrics provides are that the information is distinctive for every person and it can utilized as a technique for individual identification.

Fingerprints are almost impossible to steal, forget, lose or compromise and thus fingerprint technology provides a greater degree of security and convenience as compared to other traditional authentication mechanisms. They can also be used in combination with other authentication mechanisms to provide enhanced security for a critical resource.

Fingerprint biometrics can provide both physical access to company buildings and logical access to internal resources such as enterprise computers and systems. India’s national ID program called Aadhaar is the largest biometric database in the world. It is a biometrics-based digital identity assigned for a person’s lifetime, verifiable online instantly in the public domain, at any time, from anywhere, in a paperless way. The data is transmitted in encrypted form over the internet for authentication, aiming to free it from the limitations of physical presence of a person at a given place. More recently, a report by security researches Noam Rotem and Ran Locar at Vpnmentor published in August 2019 reveal a major breach found in a biometrics system used by the UK Metropolitan Police, banks, and defense contractors.

What is biometrics?

Although soft biometric characteristics lack the distinctiveness and permanence to recognize an individual uniquely and reliably, and can be easily faked, they provide some evidence about the users identity that could be beneficial. In other words, despite the fact they are unable to individualize a subject, they are effective in distinguishing between people. Combinations of personal attributes like gender, race, eye color, height and other visible identification marks can be used to improve the performance of traditional biometric systems. Most soft biometrics can be easily collected and are actually collected during enrollment. Second, soft biometrics have strong potential for categorizing and profiling people, so risking of supporting processes of stigmatization and exclusion.

biometrics and privacy

The advantage of such ‘futuristic’ technology is that it is more fraud resistant compared to conventional biometrics like fingerprints. However, such technology is generally more cumbersome and still has issues such as lower accuracy and poor reproducibility over time. This new generation of biometrical systems is called biometrics of intent and it aims to scan intent. The technology will analyze physiological features such as eye movement, body temperature, breathing etc. and predict dangerous behaviour or hostile intent before it materializes into action. Second, in identification mode the system performs a one-to-many comparison against a biometric database in an attempt to establish the identity of an unknown individual.

The system will succeed in identifying the individual if the comparison of the biometric sample to a template in the database falls within a previously set threshold. The latter function can only be achieved through biometrics since other methods of personal recognition such as passwords, PINs or keys are ineffective. As biometrics take over the identification and authentication applications, people have expressed mixed feeling about it. Having been used in forensics and law enforcement, biometrics faces resistance in personal as well as social acceptance. Particularly in developed world, where people are aware and care about their privacy do not support biometrics.

Technology firms brag about the efficiency, speed and accuracy of biometrics while privacy advocates highlights its negative aspects. This phenomenon is more evident in societies across developed nations where people are more aware and concerned about their privacy. They feel that biometric technology based personal recognition violates constitutional rights of their privacy and civil liberties. On the other hand, biometrics is growingly adopted in underdeveloped world, so at the same time biometric technology is treated differently in different societies across the globe. In recent years, traditional methods of personal identification are challenged by biometric technology and it has been enjoying increasing adoption rate across the globe.

Governments and organizations all around the world are choosing biometric technology to combat identity fraud and security breaches, secure confidential data, reduce costs and to improve overall user experience. Biometrics is one of the rapidly growing fields in the information technology sector with fingerprint recognition expected to remain the most dominant form of biometric technology. The global biometrics market is growing at an exponential rate and is forecasted to reach $23.54 billion by 2020.

The Privacy Challenges

In recent times, biometrics based on brain (electroencephalogram) and heart (electrocardiogram) signals have emerged. The research group at University of Kent led by Ramaswamy Palaniappan has shown that people have certain distinct brain and heart patterns that are specific for each individual. Another example is finger vein recognition, using pattern-recognition techniques, based on images of human vascular patterns.

A biometric identification system includes fingerprint identification, iris and retina, facial recognition, gait, or voice. The biometrics market is growing as the technology is being hailed as the new generation of defense for law enforcement against hackers. The block diagram illustrates the two basic modes of a biometric system. First, in verification (or authentication) mode the system performs a one-to-one comparison of a captured biometric with a specific template stored in a biometric database in order to verify the individual is the person they claim to be.

Fingerprints were also used in the 19th century by criminologists for identification of habitual criminals. However, biometrics first appeared in the 1970s as an automated technology. Biometric identification is a technology that identifies and authenticates individuals based on physical characteristics.