Securing biometric information and ensuring the privacy of personal identities is a growing concern in today’s society.
Our previous articles have highlighted the limitations of traditional authentication schemes. These schemes mainly utilise tokens or depend on some secret knowledge possessed by the user to verify his or her identity. Although they have been very popular, they have several limitations. Token-based and knowledge-based approaches cannot differentiate between an authorised user and a person who merely has access to the tokens or passwords. Knowledge-based authentication systems also require the user to remember and manage multiple passwords and PINs, which is inconvenient for the user.

The limitations of traditional authentication methods can easily be overcome by biometrics-based authentication schemes using fingerprints, face recognition, etc., which also offer usability advantages: the user does not have to remember multiple passwords and their associated cards. It is likely that most people who have more than one bank card have mixed up their PINs. However, despite all the obvious advantages, researchers at the Biometric Research Laboratory (BRL) within Namibia Biometric Systems are keen to raise several security and privacy concerns, as outlined below:
Biometrics is not a secret: Unlike passwords and cryptographic keys, which are known only to the user, biometrics such as face and fingerprints can easily be recorded and potentially misused by biometrics experts without the user’s consent. Our researchers at BRL are keen to point out that there have been several instances where artificial fingerprints have been used to circumvent biometric security systems. Face and voice biometrics are similarly vulnerable to being captured without the user’s explicit knowledge. In contrast, tokens and knowledge have to be willingly shared by the user to be compromised.
Biometrics cannot be cancelled: Passwords, PINs, etc., can be reset if compromised. What about your biometrics? It is clear that tokens such as credit cards can be replaced if stolen. However, biometrics are permanently associated with the user and cannot be replaced if compromised.
Compromised biometrics: Biometrics provides usability advantages since it obviates the need to remember and manage multiple passwords. However, this also means that if a biometric is compromised in one application, essentially all applications where the particular biometric is used are compromised.
Tracking: Because the same biometric is likely to be used for various applications and locations, the user can potentially be tracked if organisations collude and share their respective biometric databases. Traditional authentication schemes, by contrast, require the user to maintain different identities, which prevents tracking. The fact that a biometric remains the same therefore presents a privacy concern.
The next article will provide a high-level solution to the limitations of biometrics.
More information on the implementation of biometrics-based solutions can be requested from risco.mutelo@namibiabiometricsystems.com.
Dr Risco Mutelo is a Namibian who is currently stationed in London. He studied Biometrics Engineering at Newcastle University in the United Kingdom.
