Biometric Security

Biometrics is nothing but the set of human characteristics like facial patterns, voice patterns, or fingerprints that are used to digitally identify a person. Biometrics seems to be everywhere these days. Once they were the stuff of science fiction or only used to access top-secret government facilities. But now they can be found even in budget smartphones. The conventional way to authorize or identify a person is through the use of passwords or pin codes. Biometric identifiers have facilitated humans in a way that now humans don’t need to remember their complex passwords and neither their passwords can be stolen.

Surprisingly, these biometrics identifiers are not much different from conventional passwords. Most biometric systems don’t actually store a picture of your face or fingerprint to identify you. Instead, they represent your face or fingerprint in the form of a number or hash code. As shown below in figure 1 (Atwood, 2012).

Biometrics systems achieve this code by measuring the difference between the ridges of your face, calculating the slopes and other identifiers of the face. The system actually deals with fingerprints and faces as a geometrical problem. It calculates and adds up all the different measuring identifiers and after performing complex math on it, comes up with a unique hash code similar to that shown above in figure 1?(Atwood, 2012). As we all know that everyone has unique facial expressions and fingerprints so these hashes should also be unique. But unfortunately, they are not.

Now let’s discuss why these biometric security identifiers are not effective and are a potential risk to use. The reason behind this is that these hashes are not only dependent on your biometric identifiers like facial expressions or fingerprints but they are highly dependent upon some physical entities, which play a very important role. Let’s take an example of facial recognition, any minor change such as lightening, hairstyle, wearing glasses, and even how much you open your eyes can result in the generation of a completely different hash. The same is the case with fingerprint identification the generated hash not only depends upon the prints of the finger but also depends upon the cleanliness of fingers, the pressure you apply during contact with the fingerprint scanner, and the slight change in the angle is enough to produce a different hash.

So, now as we know that the minor changes can result in the generation of completely different hash that is why biometric systems are forced to accept a range of different values even hundreds or thousands of values as correct input for the same biometric identifier e.g. fingerprint or face ID, and this is one big problem. Unlike the conventional passwords and pins which require exactly one correct input for identification, the biometric system accepts a range of possible correct input for the same biometric identifier. As we can see in figure 2 (Ranjan Maheshwari, 2016)

So bad guys do not necessarily have to figure out the exact input or same pattern of your biometric as they would need for the pin or password. They only need to get close enough to hack your biometrics. It is much easier to get the biometric data of anyone such as fingerprints. For example, you touch hundreds of things in your daily life and most of these things you touch are very easy to lift the fingerprints from, for example, the shiny surfaces of CD-ROM, a drinking glass, the screen on mobile devices. So, any regular person with a camera and specific type of light can capture the images of your fingerprints, and then you’re half away from getting hacked. Now it is just a matter of time for them to reproduce the fingerprint on a digital printout or a piece of ballistic gel. And then they can get into anything that you want to protect from them. Now, it is also proven by the facts that high-resolution images of fingerprints can help a lot to digitally re-create the fingerprints.

Using fingerprints is risky similar to if you use the same password on many websites or accounts for login. But the problem is if your password is compromised or hacked you can change the password and possibly select a difficult combination of characters and numbers, but if your biometric identifiers are compromised or hacked then you are left with very few options almost none. Because you only have one face, one eye scan, and a few options for fingerprints. One other issue with biometric security Is that anyone can force you to unlock your device. Your biometrics can also be taken forcefully but getting a password out from your mind is much difficult than getting a facial recognition of your face. Unlike biometrics, you should be alive to speak out the passcode. But your biometrics identifiers will even work if you are dead. So, if biometrics are the only way of defense for guarding your private data or a bank account then you might be at a risk.

On the whole, we can say that biometric security is a great gift from scientists and researchers. But relying completely on them would not be a great idea. Knowing that biometrics can easily be compromised by anyone who puts in a little effort. But they are not such a bad thing to use, they can be very useful and powerful when combined with other authentication methods, one-time passwords. This technique is known as multi-factor authentication and it makes the data more secure and less vulnerable.

Works Cited

Atwood, J. (2012, April 06). Speed Hashing. Retrieved from CODING HORROR: https://blog.codinghorror.com/speed-hashing/

Ranjan Maheshwari, C. S. (2016, December). Review Paper on Applications of Principal Component Analysis in Multimodal Biometrics System. p. 6. Retrieved May 2021, 2021