Biometric System Limitations
Securing biometric information and ensuring the privacy of personal identities is a growing concern in today’s society. Our previous articles have highlighted the limitations of traditional authentication schemes. Traditional authentication schemes mainly utilize tokens or depend on some secret knowledge possessed by the user for verifying his or her identity. These traditional techniques have been very popular, but they have several limitations. Token-based and knowledge-based approaches cannot differentiate between an authorized user and a person who has access to the tokens or passwords. Knowledge-based authentication systems require the user to remember and manage multiple passwords and PIN numbers, which results in user inconvenience. The limitations of traditional authentication methods can easily be overcome by biometrics-based authentication schemes using fingerprints, face recognition, etc., which also offer usability advantages: the user does not have to remember multiple passwords and their associated cards. It is likely that most people who have more than one bank card have mixed up their PIN numbers. However, despite all the obvious advantages, researchers at the Biometric Research Laboratory (BRL) within Namibia Biometric Systems are keen to raise several security and privacy concerns, as outlined below:
Biometrics is not a secret: Unlike passwords and cryptographic keys that are known only to the user, biometrics such as face and fingerprints can easily be recorded and potentially misused without the user’s consent by biometrics experts. Our researchers at BRL are keen to outline that there have been several instances where artificial fingerprints have been used to circumvent biometric security systems. Face and voice biometrics are similarly vulnerable to being captured without the user’s explicit knowledge. In contrast, tokens and knowledge have to be willingly shared by the user to be compromised.
Biometrics cannot be cancelled: Passwords, PINs, etc., can be reset if compromised. What about your biometrics? It is clear that tokens such as credit cards can be replaced if stolen. However, biometrics are permanently associated with the user and cannot be replaced if compromised.
Compromised biometrics: Biometrics provides usability advantages since it obviates the need to remember and manage multiple passwords. However, this also means that if a biometric is compromised in one application, essentially all applications where the particular biometric is used are compromised.
Tracking: Because the same biometric is likely to be used for various applications and locations, the user can potentially be tracked if organizations collude and share their respective biometric databases. Traditional authentication schemes, by contrast, require the user to maintain different identities, which prevents tracking. The fact that a biometric remains the same presents a privacy concern.
To address the limitations of biometrics, researchers at BRL published a book titled “Secure Biometric Face Recognition: A Case Study for Non-Reversible and Cancellable Biometric Transforms”, which is available on Amazon. The next article will provide a high-level solution to the limitations of biometrics.
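The cancellation, cross-application and tracking concerns above can be made concrete with a small simulation that compares raw templates with per-application keyed templates. This is an added example, not code from BRL or the book; the feature vectors, noise level, key names and the keyed random-projection transform are constructed assumptions chosen for illustration.

```python
import random

DIM, BITS = 64, 256  # feature length and protected-template length (assumed sizes)

def noisy_sample(features, rng, sigma=0.1):
    """Simulate a fresh capture of the same trait: same features plus sensor noise."""
    return [f + rng.gauss(0, sigma) for f in features]

def cosine(a, b):
    """Similarity of two raw feature vectors (1.0 means identical direction)."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (sum(x * x for x in a) ** 0.5 * sum(y * y for y in b) ** 0.5)

def protect(features, app_key):
    """Cancellable template: sign bits of a random projection keyed by app_key."""
    rng = random.Random(app_key)  # the key fully determines the projection
    return [1 if sum(rng.gauss(0, 1) * f for f in features) > 0 else 0
            for _ in range(BITS)]

def hamming(a, b):
    """Fraction of differing bits: near 0.0 means same source, near 0.5 unrelated."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def demo():
    rng = random.Random(2024)
    user = [rng.gauss(0, 1) for _ in range(DIM)]  # constructed "true" features
    at_bank = noisy_sample(user, rng)             # enrolment at organisation A
    at_gym = noisy_sample(user, rng)              # enrolment at organisation B
    probe = noisy_sample(user, rng)               # later verification attempt at A
    bank_tpl = protect(at_bank, "bank-key-1")     # hypothetical key names
    return {
        # Raw templates: two shared databases can be joined on similarity.
        "raw_cross_db": cosine(at_bank, at_gym),
        # Keyed templates still verify inside one application...
        "same_app": hamming(bank_tpl, protect(probe, "bank-key-1")),
        # ...but templates from different applications look unrelated,
        "cross_app": hamming(bank_tpl, protect(at_gym, "gym-key-1")),
        # and re-issuing the key replaces a leaked template with an unrelated one.
        "after_reissue": hamming(bank_tpl, protect(at_bank, "bank-key-2")),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

This toy transform only illustrates revocability and unlinkability between applications; it makes no claim about how hard it is to recover the original features from a leaked template and key.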
More information on the implementation of biometrics based solutions can be requested from info@namibiabiometricsystems.com.