Q. What does security mean for an authentication system? 

Often "security" is said when the ability to prevent false authentication is meant.  False authentication could happen through:
  • too high a false acceptance rate (FAR)
  • fraud or forgery attempts
  • technical deficiencies
Perfect protection cannot exist.  However, one can try to make the FAR as small as possible, forgery attempts as costly as possible, and through intensive testing minimize the technical deficiencies.

The security realm also includes protecting biometric and other personal data against misuse.

Q. What is compromisation of a biometric characteristic?

In this case, compromisation is the exposure of one or more biometric characteristics of a person allowing use for forgery purposes.

Q. Is the compromisation of biometric characteristics a problem?

Biometric characteristics should be as unique and permanent as possible.  If compromised, it is argued that biometric characteristics could be misused and then, like a password, rendered unusable, except that a password is always exchangeable whereas a biometric characteristic isn't.  The actual danger depends upon the application and the associated precautions.

Yes - if the compromising in a statistical sense is able to create a mean total damage that is larger than the anticipated mean total benefit of a specific biometric application. Generally, one should expect this, when measures against compromisation are in no reasonable proportion to the possible amount of damage. Especially, this affects biometric systems which regard the biometric characteristic solely as secret, although it is easy to compromise and a fake copy can be assembled from it in a simple way.

Yes - if properties of the affected person can be extracted from the biometric characteristic which could prove unfavorable for him or her. Example: genetic disease information from DNA.

No - if the biometric system is able to "doubtlessly" establish the difference between the original of the biometric characteristic and the fake copy assembled from the compromised biometric characteristic. In biometric systems this is achievable up to a certain degree by a multitude of organizational and technical measures and strongly depends on the selected biometric characteristic.

Sometimes it is said to be important that the original picture (e.g., the finger line picture) is not reconstructible from the characteristics' data record.  But this doesn't help much because any reconstruction trial of a person's biometric characteristic which produces the same data record as the original is sufficient for misuse [Bromba 2003].

Q. What can be done against compromisation of one's biometric characteristics?

Provide your biometric characteristics only to trustworthy applications of trustworthy system operators. The operator must commit not to pass the biometric data to third parties but to store them with sufficient protection, at best encrypted.

Favor biometric applications which are exclusively able to utilize your biometric data if you present a chip card which is under your control. (On this chip card the biometric references may be stored, or a secret personal key which allows a temporary decryption of your biometric data stored in the biometric system in encrypted form.)

  Do not publish your biometric characteristics, if these are inherently difficult to compromise and therefore could be regarded as secrets by a certain biometric application. Examples are fingerprint, iris, or vein patterns. This is critical especially in those cases where a forger is able to assign the biometric data to a designated person.

Q. What must be observed with respect to security when dealing with "Template on Card"?

We consider the following possibilities for storage of biometric references on a chip card:

The chip card is a pure memory card, storage is unencrypted.
  • The chip card can be read by anyone who finds it.
  • The chip card can be duplicated by anyone; however, only the authorized can use it.
  • In principle, cards with references of non-authorized users can be produced which grant access to the system.
  • If the authorized user's (non-biometric) data is saved on the card, the danger of compromisation when lost is high.
The chip card is a pure memory card, storage is encrypted.
  • The chip card can be read by anyone who finds it, but the contents cannot be interpreted.
  • The chip card can be duplicated by anyone; however, only the authorized can use it.
  • Authentication via cards with references of non-authorized users is generally prevented.
  • Compromisation of data is prevented.
The chip card is a processor card (smart card) with crypto function
  • The chip card's stored data can only be read and interpreted by a trustworthy communication partner (e.g., a protected PC or a protected server via a non-protected PC)
  • Duplication of the chip card is preventable
  • Authentication via cards with references of non-authorized users is generally prevented
  • Compromisation of data is prevented
It depends on a specific application which security level is necessary and what will be the possible solution.

Q. Is biometrics a privacy-enhancing or a privacy-threatening technology?

Recent concerns with the possible uses and misuses of biometrics has led to a discussion whether biometrics is privacy-enhancing or privacy threatening.  A central question, according to Woodward (1999), is whether a user has full control over his data, knowing when, where, and why submitted biometric data are used.  Non-intended reuse is possible in non-biometric systems, but fear is increased due to the highly personal nature of biometric data, as opposed to simply an ID number.  Some biometric data, such as DNA, showing medical information can be passed along to commercial systems, insurance companies, or the government.  Privacy concerns with biometrics as summarized by Wirtz (2000) are:
  • Unauthorized access to biometric data
  • Unauthorized disclosure of biometric data to third parties
  • Use of biometric data for other than intended purpose
  • Collection of biometric data without the knowledge of the individual
Meeting privacy and data protection requirements is a central concern to the success of biometric systems. Legal concerns can help ensure that biometrics are properly applied and therefore increase an individual's security.

Q. Is biometrics more "secure" than passwords?

This question at least poses two problems: biometrics is not equal to biometrics, and the term "secure" is in fact commonly used, but it is not exactly defined. However, we can try to collect pros and cons in order to find at least an intuitive answer.
  • It is a matter of fact that the security of password protected values in particular depends on the user. If the user has to memorize too many passwords, he will use the same passwords for as many applications as possible. If this is not possible, he will go to construct very simple passwords. If this will also fail (e.g., if the construction rules are too complex), the next fall-back stage is to notify the password on paper. This would transform "secret knowledge" into "personal possession". Of course, not every user will react this way. Rather the personal motivation plays an important role: is he aware of the potential loss caused by careless handling of the password? It is easy if the user is the owner. But often foreign possession (e.g., that of the employer) has to be guarded, whose value one often can hardly estimate. If motivation is missing, any password primarily tends to be felt bothersome. In this case, and that seems to be the normal case, it is assumed that biometrics has considerable advantages.
  • Contrariwise, passwords feature an unbeatable theoretic protection ability: an eight-digit password which is allowed to contain any symbol from an 8-bit alphabet offers 1020 possible combinations! This is a real challenge for any biometric feature.  The requirements are obvious: such a password is maximally difficult to learn, it must not be written down, it must not be passed to anyone, the input must take place absolutely secret, it must not be extorted, and the technical implementations must be perfect. This leads us to the practical aspects: the implementation must be protected against replay attacks, keyboard dummies (e.g., false ATMs), wiretapping etc. Even biometric features have to cope with such problems. However, it can be assumed that hijacking biometric features is not easier than sniffing a password, provided the implementation expense is comparable!

Conclusion: Surely, there are cases where passwords offer more security than biometric features. However, these cases are not common!

Source: http://www.bromba.com/faq/biofaqe.htm

Tags: , ,