Biometric Data Protection is a Big Challenge
Debesh Choudhury, PhD
Information Security Researcher, Academician, Entrepreneur | Password & Cybersecurity, Digital Identity, Biometrics Limit, 3D Education | Linux Trainer | Writer | Podcast Host
Data are your high-value assets, and your biometric data are even more valuable. Biometrics are now being linked to your financial and other personal services. Biometric data, once leaked or hacked, are lost forever, because you can't reset your biometric data. Biometric data protection is a big challenge today.
Can we protect our biometric data?
Whether we like it or not, we have to give our biometric data to several services. It may be required by an employer or the government. The Aadhaar system of India asks for the biometric data of citizens.
[Google search "Aadhaar data breach pics"]
Are the biometric data protected in the Aadhaar system? The citizens could not protect their biometric data because the Aadhaar enrollment system didn't have any foolproof data protection measures. The raw data were openly available and easily leaked. Later, according to a news report, the complete Aadhaar database was also available through hackers for a small amount of money.
If the biometric data are stolen or hacked, what would happen?
The biometric database may be leaked or stolen, as in the case of the Aadhaar project in India. Then every biometric signature in that database is in the hands of criminals. They can make use of that data. They can try to create duplicate biometric objects for use.
Duplicate fingerprints created on thumb-like objects can be used to pass as a real thumb
High-resolution pictures of fingerprints can be used to synthesize artificial thumb-like objects made of rubber that carry an exact copy of the 3D fingerprints. Not only that, the rubber thumbs can also be equipped with an electronic vibrator that can pass the liveness sensor of the fingerprint sensors. Thumb cloning is such an easy task that students at an Indian academic institute reportedly used cloned thumbs to cheat the fingerprint recognition system for recording class attendance.
Face images may easily be grabbed or stolen from social media
Face images are abundantly available on social media, so criminals don't need any special trick to obtain them. Face images may also be captured remotely in public places. Even a 3D face shape may be sensed and reconstructed from multiple suitably captured face images. The stolen face images and 3D-printed face masks may be used to beat face recognition systems. Reports show that it is indeed possible to break face recognition tests. Security researchers used a 3D face mask to crack the 3D Face ID of the iPhone X.
Iris images may be extracted from HD images of faces for spoofing
A security researcher has shown that high-resolution prints of face images can yield iris images with resolution sufficient for spoofing iris recognition systems. The Samsung Galaxy S8 iris scanner has been defeated by a group of German hackers. In that case, an artificial eye was created using a print of the eye and a contact lens, which is used to match the curvature of the eye. So an iris recognition system may easily be fooled by faked iris images.
The behavioral biometric traits are relatively less vulnerable
Behavioral biometrics, such as voice and speaker recognition systems, may appear safe. But research reports say that mimicry attacks may threaten voice and speaker recognition.
[Google search "Biometric data breach pics"]
Aadhaar data were captured without privacy protection, so the data leak took place easily. If instead the data had been privacy protected through encryption, they could have been safe even in the hands of hackers and criminals.
Decentralized biometrics may offer some solutions
It is claimed that blockchain can offer advantages in biometrics by allowing the data to be stored in multiple decentralized and distributed ledgers. Can this advantage overcome the present limitations? Do the special features of blockchain add new problems to an otherwise simple password- and PIN-based multi-layer authentication system?
Digital identity management may be improved by blockchain
According to the theory, the blockchain algorithm may revolutionize digital identity management. A person's digital information may be broken into pieces and distributed over several blocks stored on different computer servers. To reconstruct the complete identity, all of the distributed partial identity information is needed.
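The "all pieces are needed" property described above can be illustrated with an n-of-n XOR secret split. This is an added example, not code from the article or from any blockchain or Hyperledger project; the XOR scheme is a swapped-in technique chosen for illustration, and the function names and the sample template bytes are assumptions constructed here.

```python
import hashlib
import hmac
import secrets
from functools import reduce

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed stand-in for an enrolled biometric template (not real data).
SAMPLE_TEMPLATE = bytes(range(64))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_template(template: bytes, n: int) -> list[bytes]:
    """Split a template into n shares; every share is required to rebuild it."""
    if n < 2:
        raise ValueError("need at least two shares")
    if not template:
        raise ValueError("empty template")
    # Prepend a digest so a reconstruction from too few shares is detected.
    payload = hashlib.sha256(template).digest() + template
    # n-1 shares are uniformly random pads ...
    pads = [secrets.token_bytes(len(payload)) for _ in range(n - 1)]
    # ... and the last share is the payload XORed with every pad.
    return pads + [reduce(_xor, pads, payload)]


def combine_shares(shares: list[bytes]) -> bytes:
    """Rebuild the template; raises ValueError if any share is missing or altered."""
    if not shares or len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of unequal length")
    payload = reduce(_xor, shares)
    digest, template = payload[:DIGEST_LEN], payload[DIGEST_LEN:]
    if not hmac.compare_digest(digest, hashlib.sha256(template).digest()):
        raise ValueError("incomplete or corrupted share set")
    return template


if __name__ == "__main__":
    shares = split_template(SAMPLE_TEMPLATE, 4)   # e.g. one share per server
    print(combine_shares(shares) == SAMPLE_TEMPLATE)
    try:
        combine_shares(shares[:3])                # one server's share withheld
    except ValueError as exc:
        print("rejected:", exc)
```

Any subset of fewer than n shares is statistically independent of the template, so a breach of one server alone discloses nothing; the cost is that losing a single share makes the template unrecoverable.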
Hyperledger project shows promise for biometrics
The open source Hyperledger project of the Linux Foundation is an interesting modification of the blockchain algorithm for business applications, and it has the support of IBM and several other tech corporations.
It is not the ultimate solution because the private encryption key may be lost!
This is a tricky situation that can often happen in real life. A lost private key means the user loses all data; in the case of bitcoin, the user loses all the digital money or cryptocurrency! In the case of bitcoin, the distributed ledger community hasn't given any sure solution for recovering the data or the bitcoin.
Multi-biometrics may recover the lost private encryption key
For digital identity management problems, researchers have suggested that the solution could be to physically visit a secure facility where a multitude of biometric tests may help to reclaim the private key. For now, this is only under discussion among the many regulatory authorities around the world.
Biometrics would solve digital identity management if the biometric data are privacy protected and secure. This is possible only if the anti-spoofing measures are strong and foolproof. Therefore, biometric data protection is still a problem to be solved for a reliable real-world application.
What do you think? Suppose your bank offers biometrics as an authentication tool for its users; what would you do? Would you accept biometrics as your authentication method? If your biometrics are hacked, then you may lose the entire funds in your account. Are you ready to do that?
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
I am Debesh Choudhury and you can see my LinkedIn blog page here. My current research focuses on Biometric Security and Privacy Protection. You can give me a connection invite, follow me on Twitter and Facebook or beBee.
Here are some other posts I authored:
- Decentralized Biometrics: Is it the Ultimate Solution?
- Spoofing Biometrics isn't Impossible
- Privacy protection could have saved Aadhaar data breach
- Data Protection is a Big Challenge
- Why GNU/Linux is not Accepted by the Academic Community
- Unix-like Operating Systems are Safer to Malware and Virus Attacks
- Power of a LinkedIn Connection
- Best Solution to Software Virus
- Need 15 Tips to Eat a Biscuit?
In June 2015, Dr. Jeffrey Strickland and I founded a new LinkedIn Group called "The Unfluencers". To learn about the history of "The Unfluencers" please read the seminal LinkedIn article by Dr. Jeffrey Strickland entitled "Who are the Unfluencers". This group is an open group. You are welcome to join this group and engage yourself in the discussions. The Unfluencer Logo is a registered trademark of Dr. Jeffrey Strickland.
Text Copyright © 2018 Debesh Choudhury - All Rights Reserved
----------------------------------------------------------
Debesh Choudhury is an academician and researcher. He is interested in the science and engineering of optics and electronics. He uses GNU/Linux, Free and Open Source Software for all his works related to computers, be it educational or entertainment, professional or personal.
#Biometrics #DataPrivacy #Hyperledger #DebeshChoudhury
Sport and literature at Kalgoorlie Central High School
(6 years ago) My view is any privately owned biometric data or any other privately owned data should be classified and privately protected, Ronald.
Using my proven knowledge/expertise in Administration to the advantage of a Great Employer. Unfluencer
(6 years ago) An excellent look at the difficulties of securing data, the methods devised which are meant to be fool-proof and also how easily they are subverted. But this also has implications for people who are arrested on such evidence too.
Information Security Researcher, Academician, Entrepreneur | Password & Cybersecurity, Digital Identity, Biometrics Limit, 3D Education | Linux Trainer | Writer | Podcast Host
(6 years ago) It is tricky to have biometric data protection, because one has to share the biometric data for any use, such as a financial transaction?