Biometrics is both the measurement and the statistical analysis of people's unique physical and behavioral characteristics. The technology is mainly used for recognition and access control, as well as for identifying individuals who are under surveillance.
The basic premise of biometric authentication is that every person can be accurately identified by their intrinsic physical or behavioral traits. The term biometry comes from the Greek root bio, which means life, and meter, which means to measure.
How Biometrics Work
Authentication through biometric verification is becoming more and more common in enterprise and public-security systems, consumer electronics and point-of-sale applications. In addition to security, the driving force behind biometric verification has been "convenience", as there are no passwords to remember and no security tokens to carry around.
Some biometric methods, such as measuring a person's gait, can work without direct contact with the authenticated person.
The components of biometric devices are the following:
- A scanning device to record the biometric factor to authenticate.
- Software that converts the scanned biometric data into a standardized digital format and compares the match points of the observed data with the stored data.
- A database to securely store the biometric data for comparison.
Biometric data can be stored in a centralized database, although modern biometric implementations often rely on local biometric data collection and cryptographic encoding, so that authentication or identification can be accomplished without having direct access to the biometric data itself.
Types of Biometrics
The two main types of biometric identifiers are physiological and behavioral characteristics.
Physiological identifiers refer to the composition of the user that is being authenticated and include the following:
- Facial recognition
- Fingerprints
- Finger geometry (size, shape, position)
- Iris recognition
- Vein recognition
- Retina scan
- Voice recognition
- DNA matching (Deoxyribonucleic acid)
- Digital signatures
Behavioral identifiers include the individual's unique ways of acting, including the recognition of handwriting patterns, their gait (way of walking) and other gestures.
Some of these behavioral traits may be used to provide continuous authentication rather than a single authentication check.
Advantages and Disadvantages of Biometrics
Biometrics has both advantages and disadvantages in terms of use, security and other related functions.
The use of biometrics is beneficial because:
- It's hard to forge or steal, unlike passwords.
- It is easy and comfortable to use.
- It generally stays the same throughout the user's lifetime.
- It isn't transferable.
- It's efficient because templates take up less storage space.
However, the disadvantages are:
- It is expensive to set up a biometric system.
- If the system fails to capture all biometric data, it may fail to identify a user.
- Databases containing biometric data might be hacked.
- Mistakes, such as false rejections and false acceptances, can also happen.
- If a user is injured, a biometric authentication system may not work; for example, if a user burns a hand, a finger scanner may not be able to identify them.
Biometrics’ Security and Privacy Issues
Biometric identifiers depend on the uniqueness of the considered factor. For example, fingerprints are considered to be unique for each person.
Fingerprint recognition, notably as implemented in Apple's Touch ID on earlier iPhone models, was the first widely used single-factor biometric authentication application in the mass market.
Other biometric factors include retina and iris scanning, as well as vein and voice recognition. However, so far they haven’t been fully adopted, partly because identifiers are less trusted to be unique, or because factors are easier to forge, spoof or use for malicious purposes such as phishing.
The stability of biometric factors is also important for their acceptance. Fingerprints do not change throughout life, whilst facial traits or appearance can change dramatically over the years, or due to sickness or other factors.
The most significant privacy issue with biometrics is that physical attributes, such as fingerprints and retinal blood vessel patterns, are often static and can't be modified. This is the main difference from non-biometric factors, like passwords (something you know and have to remember) and tokens (something you own and carry), which can be substituted or replaced if they are compromised. For example, back in 2014 a data leak at the Office of Personnel Management in the United States affected more than 20 million people, whose fingerprints were compromised.
The growing ubiquity of high-quality cameras, microphones and fingerprint scanners in many of today's mobile devices means that biometrics will continue to become a more common method of authenticating users, particularly because Fast IDentity Online (FIDO) has specified new standards for biometric authentication which support two-factor authentication (2FA) with biometric factors.
Although the quality of biometric readers keeps improving, they can still produce false negatives when an authorized user is not recognized or authenticated, and they can also produce false positives, when an unauthorized user is recognized and authenticated.
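The trade-off between these two error types, as an added example that is not part of the original article: the match scores are constructed sample data and the function names are hypothetical. It sweeps the acceptance threshold of a matcher and reports the false rejection rate (FRR, false negatives) and false acceptance rate (FAR, false positives) at each setting.

```python
# Constructed similarity scores (0.0-1.0) from a hypothetical matcher, not real sensor data.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.84, 0.67, 0.93, 0.58, 0.90, 0.86]   # authorized user's attempts
IMPOSTOR = [0.12, 0.35, 0.48, 0.22, 0.61, 0.30, 0.72, 0.41, 0.18, 0.55]  # other people's attempts
THRESHOLDS = [0.50, 0.60, 0.65, 0.70, 0.80, 0.90]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FRR, FAR) when any score >= threshold is accepted."""
    false_rejects = sum(1 for s in genuine if s < threshold)     # authorized user turned away
    false_accepts = sum(1 for s in impostor if s >= threshold)   # unauthorized user let in
    return false_rejects / len(genuine), false_accepts / len(impostor)


def sweep(thresholds):
    """Return a list of (threshold, FRR, FAR) rows."""
    return [(t, *error_rates(t)) for t in thresholds]


def equal_error_point(thresholds):
    """Row where FRR and FAR are closest: the usual single-number summary of a matcher."""
    return min(sweep(thresholds), key=lambda row: abs(row[1] - row[2]))


def lowest_threshold_for_far(max_far, thresholds):
    """Most convenient (lowest) threshold whose FAR stays within max_far, or None."""
    for t, frr, far in sweep(sorted(thresholds)):
        if far <= max_far:
            return t, frr, far
    return None


if __name__ == "__main__":
    print("threshold  FRR   FAR")
    for t, frr, far in sweep(THRESHOLDS):
        print(f"{t:9.2f}  {frr:.2f}  {far:.2f}")
    print("equal error point:", equal_error_point(THRESHOLDS))
    print("zero-FAR setting: ", lowest_threshold_for_far(0.0, THRESHOLDS))
```

On this sample, refusing every impostor requires a threshold at which three of the ten legitimate attempts are rejected, which is why deployments pair a strict threshold with a fallback factor such as a PIN.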
Biometric Vulnerabilities
While high-quality cameras and other sensors help make biometrics possible, they can also enable hackers. Since people do not hide their faces, ears, hands, voice or gait, it is possible to carry out attacks simply by capturing people's biometric data without their knowledge or consent.
One of the first attacks on biometric fingerprint authentication is called the "Gummy Bear Hack", and it dates back to 2022, when Japanese researchers used a jelly-based candy to show that an attacker could lift a latent fingerprint from a shiny surface. The jelly's capacitance is similar to that of a human finger, so fingerprint scanners designed to detect it would be fooled by the jelly transfer.
Determined hackers can also overcome other biometric factors. In 2015, Jan Krissler, also known as Starbug, a biometric researcher at the Chaos Computer Club, demonstrated a method of extracting enough data from a high-resolution photograph to defeat the iris scan authentication scheme used by Samsung's Galaxy S8 smartphone. Krissler had previously recreated a user's thumbprint from a high-resolution picture, to demonstrate that Apple's Touch ID fingerprint authentication system was also vulnerable.
After Apple released its iPhone X, it took the researchers only 2 weeks to bypass Apple's Face ID facial recognition system using a 3-D printed mask.
Face ID can also be defeated by people who are related to the authenticated user, for example siblings or children.
Via: ComputerWeekly.es

