Biometric Data Breach Conundrum
Debesh Choudhury, PhD
Information Security Researcher, Academician, Entrepreneur | Password & Cybersecurity, Digital Identity, Biometrics Limit, 3D Education | Linux Trainer | Writer | Podcast Host
Biometrics is a physical passport of human identity. It is true and good to carry your identity with your own body. It is also true that biometric data can be stolen, hacked or breached. Breached biometric data can create a lifelong problem. How would you know when and where the hacked biometric data would be spoofed and misused? You can't even reset a biometric the way you reset a text password. So the biometric data leak / hack / breach is an ever-troubling conundrum.
Privacy protection of biometrics could bring a solution to this conundrum
If the capturing, storing and processing of biometric data are done with pre-configured privacy protection through homomorphic data encryption, then it could temporarily solve this conundrum. If the encryption algorithms are not resistant to quantum computing, i.e., they can be cracked by quantum computation, then the solution will no longer be safe after a meaningful quantum computer with sufficient qubits is built.
Is there any hope if the biometric data have already been breached?
In the pre-quantum computing era, a well-designed homomorphic encryption may revive the life of lost / breached biometrics for some time. In that case, all the capturing, storing and processing for biometric identification and authentication would be done with the pre-encrypted data. Then the biometric spoofs would not work because the hackers would know nothing about the encryption algorithm(s), and hence the privacy-protected biometrics would still work safely. Reviving hacked biometrics would be a very complex task and may incur a huge cost, because the capturing and processing algorithms would have to be changed (replaced) at every place, service and governance system throughout the world.
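An added illustration (not part of the original article) of matching against a template that is stored and processed only in encrypted form. It assumes the additively homomorphic Paillier scheme as a stand-in for the homomorphic encryption mentioned above; the tiny key, the integer feature vectors and all function names are constructed for the demo. In this sketch the algorithm is public, what an attacker lacks is the private key, and Paillier itself is not quantum-resistant.

```python
import math
import secrets

# Constructed demo key: two Mersenne primes. Far too small for real use;
# a deployment would use a vetted library and a modulus of 2048 bits or more.
P, Q = 2**31 - 1, 2**61 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)
N2 = N * N
MU = pow(PHI, -1, N)          # private; valid because the generator is N + 1


def encrypt(m):
    """Paillier encryption under the public key N (randomized)."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + (m % N) * N) * pow(r, N, N2) % N2


def decrypt(c):
    """Key holder only: needs the private values PHI and MU."""
    return (pow(c, PHI, N2) - 1) // N * MU % N


def enroll(template):
    """Store only ciphertexts: each feature and the sum of squares."""
    return {"x": [encrypt(v) for v in template],
            "sq": encrypt(sum(v * v for v in template))}


def encrypted_distance(record, probe):
    """Matcher: builds Enc(sum((x_i - y_i)^2)) without any private key.
    Multiplying ciphertexts adds plaintexts; c**k multiplies a plaintext by k."""
    acc = record["sq"] * encrypt(sum(y * y for y in probe)) % N2
    for c, y in zip(record["x"], probe):
        acc = acc * pow(c, N - 2 * y, N2) % N2   # adds -2 * x_i * y_i (mod N)
    return acc


def verify(record, probe, threshold):
    """Key holder decrypts the distance only, never the template itself."""
    return decrypt(encrypted_distance(record, probe)) <= threshold


# Constructed sample feature vectors (not real biometric data).
TEMPLATE = [12, 40, 7, 33]
GENUINE, IMPOSTOR = [13, 39, 7, 35], [30, 5, 22, 9]
```

Because encryption is randomized, enrolling the same template twice yields different stored records, so a leaked record can be replaced by re-encrypting under a new key without changing the underlying trait.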
Should biometrics be mandatory for service and governance?
Nations and industries must think very cautiously before deciding to adopt biometrics as the mandatory password security for humans. We should be logical and rational when deciding whether to incorporate biometrics into every application. In the case of identification, biometrics may be used with caution in the presence of a human (staff) to assist with a fallback system. But authentication of a human over the Internet through biometrics without a human-assisted fallback system is highly vulnerable.
What do you think about the biometric data breach conundrum?
Biometrics is being forcefully discussed in security conferences as a signature for personal identification and authentication. The hype is so much that the future of password security is inclined to gamble with biometrics as the only password system. Do you think that biometrics would be a better choice as a signature to be used as physical passwords in spite of the biometric data leak / hack / breach conundrum?
I am a researcher and academician of electronics and applied photonics. My current research focuses on Privacy Protected Digital Identity. My friend Jose Munoz Mata and I are researching distributed ledger technology for decentralized digital identity and other real world applications.
Text Copyright © 2019 Debesh Choudhury. All Rights Reserved
Next step will be the association between biometric data and hardware directly integrated in your body. You will need both to identify.
Advocate of Identity Assurance by Citizens' Volition and Memory. Founder and Chief Architect at Mnemonic Identity Solutions Limited
5 years ago: Biometrics comes with the perplexing problem of 'data leak' as being discussed here. It also comes with the issue of 'spoofing'. Besides them, many people view it as a threat to privacy, democracy and humanity. On top of them I would like to direct your attention to the fact that biometrics used in cyber space has been bringing down security to the level lower than a password-only authentication as discussed here - https://www.dhirubhai.net/pulse/hey-biometrics-guys-get-provoked-hitoshi-kokumai/ This problem brought by the nature of body features inherent in living animals does not go away even if someone miraculously comes up with a perfect dream solution on the 'spoofing' and 'leak'. By the way, what would you say if you hear drug dealers announcing "We recommend this drug for your health. This drug is detrimental to your health at present but we are certain that it will evolve to become really effective sometime in the future. So please take it now"? A similar story is heard here and there around biometrics.
Entrepreneur | LinkedInLocal | AIESEC | Personal Development | HR | Accounting | Project | Administrator | Coordinator | Polyglot | ESG UQAM | Bujinkan (武神館忍術) | Author | Import-Export
5 years ago: I appreciate that experts like you, Debesh Choudhury, Ph.D., are advocating by presenting relevant data and asking questions. Thank you!
Technical Leader
5 years ago: I loved this article very much! But let me share my considerations. The problem is that you just cannot encrypt all biometric data. People are massively exposing their images, and fingerprints are not considered a robust biometric factor any more. Voice can be collected easily as well and then used for deep faking a phone conversation. After all, encryption is a very resource-intensive process, and it is hard to apply it to huge blobs of data and get a reasonable reaction time. What cryptography can give us is the ability to develop an identity-transmitting protocol where every packet is cryptographically composed in a way that it contains a very tiny but mandatory piece known in every next packet to identify the owner. If some packet containing this preliminarily known piece appears without the owner having composed it, he'll know that it is a malicious actor who sent his identification information. As a result, the real owner will have tools to prevent potential damage to his life.