Breaking Biometrics Possible?

Can anyone break RSA? Probably not.

What is RSA?

RSA?(Rivest–Shamir—Adleman) is a popular?public-key cryptosystem?for secure data transmission and key exchange. It is also widely used in banking and financial systems for user authentication and transactions.

• Can anyone break RSA? Probably not.
• As of today, all banking and other financial systems, including credit cards, depend on RSA algorithm-based security technology.
• RSA is not likely to be breakable using classical computing power.
• However, quantum computing will pose threats to the RSA algorithm.

When a general-purpose quantum computer is available, breaking RSA security keys would be a regular job of a few hours.

Can anyone break biometrics?

To tackle my inconvenient question regarding biometrics, one commenter recently wrote that no security measure would be 100 percent safe.

• I agree that no security can provide 100 percent foolproof safety.
• But what would happen if a security factor is inherently unreliable?

Yes. Biometrics is inherently unreliable and the process of biometrics authentication can compromise security!

I will elaborate with facts.

Fraudsters regularly break biometrics by spoofing.

Where? Let me give examples of spoofing biometrics in India.

• Criminals regularly loot money from Indian citizens' bank accounts using biometrics (fingerprint) spoofs and the Aadhar-enabled Payment System (AePS).

• Criminals don't need special hacking skills to loot money using AePS.
• The fraudsters acquire/steal fingerprints of genuine people from some government departments, such as land registration offices.
• How? Probably by bribing dishonest government staff in land registration offices, where people have to give their fingerprints!
• After collecting the fingerprint copies, the fraudsters create spoofs of fingerprints.

Creating fingerprint spoofs is not at all a difficult task.

Polythene sheets, like those used in overhead slides, are relatively easy to use for creating fingerprint spoofs. So, creating a fingerprint spoof may cost less than INR10!

Students in India used fingerprint spoofs to fool the university's attendance recording fingerprint sensors.

• A few years ago, students of UDCT, or the University Department of Chemical Technology (UDCT) in Mumbai, were caught cheating the institute's fingerprint sensors to record their daily class attendance.
• Each student used to carry fingering spoofs of many students and mark attendance. The professors found a high attendance percentage, but only a few students were physically present in the classroom!

Biometrics is not a fallacy but can compromise security.

• This post is not a tutorial on creating fingerprint spoofs and looting money using AePS but to warn people.

People must understand that biometrics is inherently unreliable and a secure-lowering authentication factor!

My LinkedIn newsletter, Learning Times Technology, contains more detailed articles on inconvenient truths of biometric recognition.

==================

About me

I practice STEM—science, Technology, Engineering, and Mathematics. I secretly add the arts, literature, music, fine art, and movies to my list of interests. So, my new interest acronym becomes Science, Technology, Engineering, Arts, and Mathematics, or STEAM.

I work to develop solutions in cybersecurity data privacy solutions, especially authentication technology and password security.

Some of the technologies I develop may directly apply to solving the private key-loss problem of blockchain applications, including cryptocurrencies.

Cheers!

Debesh Choudhury

Text Copyright ? 2024 Debesh Choudhury — All Rights Reserved

Join me at

YouTube, Twitch, CashRain, Odysee, LinkedIn, Twitter, Publish0x, ReadCash,?and Facebook.

Earn passive income by sharing unused Internet bandwidth with Grass and Honeygain.

Cover Image: I have created it using my texts and a copyright-free image.

I created all animations with open-source software.

All other images are either drawn/created/screenshots by myself or credited to the respective artists/sources.

Disclaimer: All texts are mine and original. Any similarity and resemblance to any other content are purely accidental. The article is not advice for life, career, business, or investment. Please do your research before you adopt any options.

Unite and Empower Humanity.

#biometrics #security #vulnerability #authentication #password #cybersecurity #informationsecurity #technology #learningtimes #debeshchoudhury

Tuesday, October 29, 2024