In order to highlight the concept of Biometrics Security Fears, one needs to answer the following questions:
- What is biometrics?
- What biometric information is being captured during the enrolment process?
- How is this information communicated to a centralised point?
- Where is this information being kept?
- What measures are in place to safeguard the biometric information being stored?
What is Biometrics?
Biometrics (ancient Greek: bios life, metron measure) introduces the technology and methods for uniquely recognizing individuals based upon one or more intrinsic physical or behavioural traits. By recording a mathematical representation of a unique biological characteristic (enrolling), future samples of similar characteristics could then be compared to the original sample to verify that they originate from the same person (verification).
A number of biological characteristics can be used to define uniqueness in humans. Of those that are primarily targeted for biometric applications, fingerprints, vein patterns, iris characteristics, facial traits, and voice patterns are the most popular.
All these modalities listed fall under the physiological characteristics category. Behavioural characteristics that can be used in biometrics include signature recognition, biometrics locks, gait analysis, and typing biometrics or keystroke dynamics.
What biometric information is being captured during the enrolment process?
For both security and performance reasons, manufacturers of biometric access control devices make use of a principle called ‘feature extraction’ to retrieve the salient unique features of a person, without having to store an exact replica of whatever modality has been used.
For instance, with fingerprint biometrics, instead of recording an image of the person’s fingerprint, information within that image that ensures uniqueness, would be mathematically extracted and stored against the person’s identity.
This is called a ‘template’, and would typically include vectors and/or data points highlighting distinguishable unique features.
By using image processing algorithms, the software within the device is capable of identifying Ridge Endings (where the lines in the fingerprint terminates) and Ridge Bifurcations (where the lines split up into two). These are also known in the industry as minutia points.
By storing only the position and direction of the Ridge Endings and Ridge Bifurcations, the software is capable of capturing the uniqueness of each person, with a limited amount of data.
The same principle applies to all other biometric modalities, be it facial recognition, iris-, voice-, or subcutaneous vein patterns.
How is this information communicated to a centralised point?
Once the templates have been captured, it typically needs to be sent via a communication channel to a centralised point. One might argue that this is not necessary, and that information should always be retained on the device only. But the practical truth is that, with the exception of very small implementations, the last thing one wants is to re-enrol every person in the company on every device that will form part of this access-control perimeter.
Communication, be it RS232, RS485, TCP/IP, or customised protocols, will all be exposed to some level of ‘hack ability’.
We have all seen how highly encrypted secure internet communications get compromised. Sending biometric templates over a network line will have – at least – the same level of risk exposure.
Where is this information being kept?
Once the templates reach its destination, how is it persisted? In flat files on a hard-drive? In a weakly protected set of tables where anyone who can Google, can find a way to access it? Or is it stored with an acceptable level of encryption in a well-designed digital vault?
But Biometrics Security Fears and concerns are real and often well-founded. Anecdotal evidence show that:
- Not all biometric devices make use of singular template extraction. In other words – it either stores the complete picture, or it stores enough of that picture, that a good resemblance of the original image (fingerprint/eye/face) could be reconstructed later.
- Not all network communication is encrypted. Even if it is not possible to access the biometric device to retrieve the biometric information, intercepting network packets is becoming child’s-play if one has access to the right tools.
- Not all databases are created equal. There are a number of solutions in the market that store their templates in plain digital files in a predetermined directory structure. Similarly, databases – including those ‘free’ ones that we all have on our PCs – are a farce when it comes to its ability to really protect your data.
So what to do if I want to implement biometric technology in my company?
Make sure that your biometric devices do, in fact, perform template extraction. And confirm that these algorithms are done in a singular, irreversible format so that it is not possible to reverse-engineer the original image (fingerprint, eye, face, etc). One such a format that most of the leading biometric companies continuously strive to comply with, is the MINEX (Minutiae Inter Operability Exchange) standard. You can read more on this on the NIST (National Institute of Standards & Technology) web site at http://www.nist.gov/index.html.
Limit the network communication to a minimum. Try to keep as much of the rules around who can go where, when, on the biometric device and leave the sending of fingerprint templates to only those occasions where it is absolutely necessary. This should, in fact, be limited to the time of initial take-on.
Protect your data. One can write books about database security. It is of no use if the templates reside in a 128-bit encrypted database, but your IT guy knows the password as he needs to perform daily backups of the database.
There is a definite concern in the use of biometrics as a unique identifier of a person.
If your password for your internet banking is discovered, you can simply change it. Similarly, if someone finds the piece of paper with your computer password written on it, you can always change it.
But should your biometric identification be compromised, what then?
Fear of Prosecution:
The strong association between fingerprints and law-enforcement have proven to be a major stumbling block in the successful adoption and infusion of biometric access control systems. What guarantees can you give your employees that you will not send their fingerprints to some form of centralised law-enforcement agency? Identifying abnormal behaviour of your employees is easy if they know the fear of prosecution.
Biometric systems, be it applied in border control, law-enforcement, access control, or time & attendance, has the potential of simplifying our lives if we take cognisance of the fact that we are dealing with human beings. This technology has touch-points with human dynamics that has never before been executed. Not on this scale, anyway.
If we take a more holistic approach towards the implementation of this technology and eliminating Biometrics Security Fears, we might find that it is more important to sell the concept to your staff, unions, and shop-stewards, than selling it to your board of directors.
For more information on biometric access control solutions, feel free to look at our web site. AllCAD Solutions provides a hybrid solution that allows for a myriad of biometric devices of different modalities to work together to give you the perfect access control solution.