This article has been written by Radhika Agrawal, pursuing the Diploma in Cyber Law, FinTech Regulations and Technology Contracts from LawSikho.
Introduction
Biometric devices perform “authentication and verification” of an individual using a unique, measurable, biological trait of that individual. Biometrics is a rapidly growing technology. Whether it is the entry of employees to offices, the attendance of students in colleges and schools, or the security of a home or device lock, we encounter biometrics in many everyday situations. Today biometric authentication and verification systems come in various forms: fingerprint biometrics, physiological biometrics, DNA matching, iris recognition, voice (speaker identification), and so on.
How Do Biometrics Work?
Every biometric system follows the same fundamental principles, given below. Each consists of predefined steps, and there are some basic terms related to biometric systems that we must know: enrollment, biometric data, presentation, template, feature extraction and matching. The principles are:
Biometric Data
The data presented by the user at the time of enrollment is known as unprocessed image data, also called the raw biometric sample or biometric data. This raw data cannot be used directly for authentication and biometric matching; it is later converted into a template by the extraction process.
Presentation
Presentation is the process through which the user gives his or her biometric data to the particular device or hardware used to collect it. For instance, placing a finger on the scanner of a fingerprint reader.
Template
A template is the mathematical representation of raw biometric data, obtained after applying several feature extraction algorithms. The size of the template may vary from some bytes for hand geometry to several thousand bytes for facial recognition devices. The template generated at the point of registration is called a collected template, and the one generated during authentication is termed a live template.
Feature Extraction
Feature extraction is the method of determining and encoding distinguishing features from biometric data to generate a template. Feature extraction takes place during registration and verification, any time a template is created.
Matching
Matching is the method where the stored template is compared with the live template at the time of verification to produce a score; based on this score we decide whether the user is verified or not.
Problems with fingerprint scanners
Biometric systems were introduced for the safety of premises. Advancement of technology has made these systems very secure and reliable. However, no technology can compete with a human mind. There are many risks involved with biometric systems, for example spoofing attacks, imposter attacks and so on. These risks are dangerous for cyber-security. Some of the issues are described below:
Presentation attacks
One of the biggest problems with fingerprint scanners and fingerprint security is presentation attacks. Fake fingerprints can be made from cheap materials and presented in place of the real one. To counter this problem, fingerprint biometric systems use a fake fingerprint detection mechanism. However, fingerprint scanners that feature fingerprint spoofing detection are marketed as premium and are usually more costly than regular scanners or traditional fingerprint spoofing detection. Today’s liveness detection techniques can detect familiar fingerprint spoofing attempts and copies in order to screen out unauthorized users.
Imposter attacks
Imposter attacks can pose a significant risk to a system or facility that uses biometric systems for logical or physical entry. Imposter attacks attempt to exploit a biometric system’s shortcomings. Biometric devices have a small chance of treating an imposter as a genuine person. This chance is expressed with a biometric performance metric known as FAR (False Acceptance Rate). Although biometric systems keep FAR as low as possible, it is never zero and always poses a risk of an imposter gaining entry. The attempt by the imposter may be deliberate, to affect data or property. As this risk is connected with the performance of a biometric system, it can be mitigated with technological progress. Reducing FAR can also raise another biometric performance metric called FRR (False Rejection Rate), in which a biometric system denies access to an authorized user.
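The matching step and the FAR/FRR trade-off described above, as an added example that is not part of the original article: a stored and a live template are compared to produce a score, the score is tested against a threshold, and FAR and FRR are measured at several thresholds. The feature vectors, the score lists, the use of cosine similarity as the matcher and all function names are constructed assumptions.

```python
import math

# Constructed templates (feature vectors), not real biometric data.
ENROLLED = [4, 1, 3, 0, 2]         # stored template from enrollment
LIVE_SAME_USER = [4, 1, 2, 0, 2]   # live template, same person, slight variation
LIVE_OTHER_USER = [0, 3, 1, 4, 1]  # live template from a different person

# Constructed match scores from a hypothetical evaluation run.
GENUINE_SCORES = [0.97, 0.93, 0.91, 0.88, 0.84, 0.79, 0.95, 0.90, 0.86, 0.92]
IMPOSTER_SCORES = [0.35, 0.52, 0.61, 0.48, 0.72, 0.81, 0.44, 0.58, 0.66, 0.87]


def similarity(stored, live):
    """Cosine similarity between two templates; higher means more alike."""
    dot = sum(a * b for a, b in zip(stored, live))
    norm = math.sqrt(sum(a * a for a in stored)) * math.sqrt(sum(b * b for b in live))
    return dot / norm if norm else 0.0


def verify(stored, live, threshold):
    """Accept the presented sample only if its score reaches the threshold."""
    return similarity(stored, live) >= threshold


def far_frr(genuine, imposter, threshold):
    """FAR = share of imposter attempts accepted; FRR = share of genuine attempts rejected."""
    far = sum(s >= threshold for s in imposter) / len(imposter)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(thresholds):
    """Measure FAR and FRR at each threshold to expose the trade-off."""
    return [(t, *far_frr(GENUINE_SCORES, IMPOSTER_SCORES, t)) for t in thresholds]


if __name__ == "__main__":
    print("same user accepted:", verify(ENROLLED, LIVE_SAME_USER, 0.90))
    print("other user accepted:", verify(ENROLLED, LIVE_OTHER_USER, 0.90))
    for t, far, frr in sweep([0.70, 0.80, 0.90]):
        print(f"threshold={t:.2f}  FAR={far:.0%}  FRR={frr:.0%}")
```

Raising the threshold from 0.70 to 0.90 drives FAR on this constructed data from 30% to 0% while FRR climbs from 0% to 40%, which is why the operating threshold is chosen per deployment rather than simply maximised.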
Spoof attacks
Biometrics is gaining acceptance in high-value transactions such as those of banking and financial institutions. The spread of biometrics has invited criminal intentions as well; a criminal always looks for opportunities and vulnerabilities to hack into a system to steal money. There is a heightened risk of spoofing, particularly on older or low-security biometric systems.
For a spoofing attack, a duplicate of an authorized user’s biometric identifiers is created. For instance, we leave fingerprints on door handles, tables, coffee mugs and many publicly exposed surfaces; those impressions can be obtained and fraudulently used by spoofers. In the case of facial recognition devices, high-quality photographs themselves can be used as a tool by an imposter. In a more severe kind of spoof attack on face recognition devices, video clips or masks of an authorized user’s facial features can be used.
The risk of spoofing is higher where financial transactions are verified with biometrics. Where money is concerned, such transactions are perpetually at risk of biometric spoof attacks. The current generation of biometric devices has improved security against spoofing; however, perpetrators keep looking for ways to misuse systems and ultimately all possible remedies fall short. This risk can be mitigated by recognising the constructs and patterns of spoof attacks and implementing technological countermeasures.
Cybersecurity and Biometrics
The storage of biometric data is another concern with biometric identification. As the amount of stored information increases, security incidents come into the picture, which leads to the data of millions of users being compromised every year. Because of attacks on this stored information, financial data, personal details and passwords are exposed too.
Today, efforts to avoid data security incidents look like efforts to achieve the impossible. Notwithstanding the concern that data security efforts fall short, they have to be used. Information systems carrying large amounts of biometric data of students, employees or citizens are a possible target for cyber-criminals.
Theft of biometric data can be ruinous. Unlike passwords, the biometric identifiers of an individual cannot be changed if compromised. If a criminal can create a pattern out of biometric templates, people can lose their biometric identity permanently, and this is a cybersecurity threat.
Conclusion
The growth of biometric locks in cell phones has also introduced newer forms of risk. Service providers are slowly integrating biometrics to verify user access to their services. Several banks and financial institutions throughout the globe have integrated fingerprint or face recognition capability into their mobile banking applications.
Biometric identification technology used on mobile devices gives weaker security than dedicated biometric systems. For instance, fingerprint identification on a cellphone uses a partial fingerprint recognition algorithm. The sensor itself is so small that it cannot capture the full fingertip. These risks with biometrics in mobile phones can be decreased with constant research and development.