The operations of a biometric system depend heavily on the input devices that are subjected to operational limitations. At times, the devices themselves may fail to capture the necessary input samples. They may not capture the sample sufficiently. This makes the system unreliable and vulnerable.
The more vulnerable a biometric system is, the more insecure it is.
There are the two major causes of biometric system vulnerability −
There are two ways in which a biometric system can fail to work −
Intrinsic failures − They are failures such as non-working sensors, failure of feature extraction, matching, or decision making modules, etc.
Failures due to attacks − They are due to loopholes in the biometric system design, availability of any computations to the attackers, insider attacks from unethical system administrators, etc.
The biometric system can be accessible to malicious users if its hardware, software, and user data are not safeguarded.
The security of a biometric system is important as the biometric data is not easy to revoke or replace. There are following prominent risks regarding security of biometric systems −
If the biometric system is vulnerable, the hacker can breach the security of it and collect the user data recorded in the database. It creates more hazards to privacy.
After acquiring the biometric sample, the hacker can present a fake sample to the system. If user data is compromised, it remains compromised forever. The obvious reason is, user has only a limited number of biometrics and they are difficult to replace, unlike passwords or ID cards.
Though biometric data is encrypted and stored, it needs to be decrypted for matching purpose. At the time of matching a hacker may breach the security.
A number of solutions are proposed to address the biometric system security issue. Biometric templates are never stored in the raw form. They are encrypted; sometimes even twice.
In the case of biometrics, there are various resources involved such as humans (subjects or candidates), entities (system components or processes), and biometric data (information). The security requirements of confidentiality, integrity, authenticity, non-repudiation, and availability are essential in biometrics. Let us go through them briefly −
It is the quality or the state of being pure, genuine, or original, rather than being reproduced. Information is authentic when it is in the same state and quality when it was created, stored, or transferred.
There are two authenticities in a biometric system − entity authenticity and data origin authenticity. Entity authenticity confirms that all entities involved in the overall processing are the ones they claim to be. Data origin authenticity ensures genuineness and originality of data. For example, the biometrics data is captured with sensor devices. The captured data that came from a genuine sensor is not spoofed from a previous recording.
It is limiting information access and disclosure to authorized users and preventing access by or disclosure to unauthorized people. In cases of a biometric system, it mainly refers to biometric and related authentication information when it is captured and stored, which needs to be kept secret from unauthorized entities.
The biometric information should only be accessible completely to the person it belongs. During identification and variation, the accessing candidate needs to be restricted with appropriate security measures.
It is the condition of being complete and unaltered that refers to its consistency, accuracy, and correctness. For a biometric system, the integrity should be high. Any malicious manipulations during operation and storage should be kept away or detected earliest by including its notification and correction.
It is identification of involved resources such as entities and components. It is also seen as accountability. For example, it prohibits a sender or a recipient of biometric information from denying having sent or received biometric information.
A resource has the property of availability with respect to a set of entities if all members of the set can access the resource. An aspect called reachability ensures that the humans or system processes either can or cannot be contacted, depending on user interests.
Attackers can make the system unusable for genuine users, thus preventing them from using authenticated applications. These attackers target the availability of the information.
Here are the criteria for generating biometric templates −
Ensuring that the template comes from a human candidate and is captured by a genuine sensor and software.
Securing a biometric template by encryption with irreversibility properties. This makes it difficult for hackers to compute the original biometric information from secure template.
Creating an unlikable (unique) biometric template. A biometric system should not be able to access the template of the same candidate recorded into another biometric system. In case if a hacker manages to retrieve a biometric template from one biometric system, he should not be able to use this template to gain access through another biometric system even though both verifications may be based on the same biometric template of the candidate. Further, an unlinkable biometric system should make it impossible to derive any information based on the relation between two templates.
Creating a cancellable and renewable template. It emphasizes on the ability to cancel or deactivate the compromised template and reproduce another one, in a similar manner that a lost or stolen smartcard can be reproduced.
The ‘renewable’ and ‘unlinkable’ characteristics are achieved through salting techniques. Salting adds randomly generated unique data known as ‘salt’ to the original information to make it distinct from the others.
Designing a biometric system accuracy with respect to both FAR and FRR.
Selecting a suitable encryption algorithm carefully. Some algorithms may amplify even small variations inherent in an individual’s biometric data, which can lead to higher FRR.
Using an important encryption technique such as hashing method, which is effective when a different permutation is applied with each template generation. Different permutations ensure the uniqueness of each template despite using the same input biometric data.
Employing an effective protection scheme to elevate the performance of the system.
A lot of research and development is being done towards the security and privacy of biometric data.