Exorcising the Biometric Boogeyman
Misinformation breeds monstrous tales of biometric technology
29 September, 2014
category: Biometrics, Digital ID, Government
Palm vein and Florida schools
Fingerprints are the most common punching bag for biometric critics, but palm vein is another modality that is gaining popularity and is also seeing deployments in school lunch lines. The Pinellas County school district, near Tampa, has been using the scanners but will have to find a new way to get kids through the lunch line under the Florida’s new law.
Palm vein biometrics uses near-infrared light to record the vein pattern in a hand, says Gene Wright, product manager for PalmSecure Biometrics at Fujitsu. The system has built in liveness detection because blood needs to be flowing through the veins for enrollment and authentication.
As with fingerprints, palm vein systems do not store images of the actual vein pattern, but rather templates. The technology captures data points on the palm and then checks against that for future authentication.
Once a template is created, there are several other steps Fujitsu takes to protect that data. Each sensor has its own specific encryption protocol. “Even if you intercepted the data stream from the sensor to the database it would do you no good if you tried to inject it into an other sensor,” he says.
Also, the enrollment template is encoded in a way that would not enable it to be used for validation.
“The validation template is in a different format and converted in a different manner,” Wright explains.
Also, each palm vein deployment uses a different type of encryption, so if one encryption key is compromised it doesn’t mean all of them have been hacked. “The encryption is unique to each partner or application provider so they can use it with their installed base,” Wright says.
Encryption further secures templates
While template use is common for commercial biometric deployments, so is encrypting the template data. Enterprises designing and deploying biometric systems need to use best practices for data security whether protecting fingerprint templates or other system data, suggests Garris. “A well designed biometric system will have data security built in, and it will encrypt the templates,” he says.
Lumidigm makes sure its deployments take multiple steps to protect data, says Phil Scarfo, vice president of sales and marketing at the HID Global subsidiary. “Think of it as a unique, encrypted bundle that can be protected in even more ways than digital signature or a one-time password credential,” he says.
No two biometric authentications are the same. Each time someone uses a biometric system the sensor gathers different information, which is translated into a template and checked against the database. The match is always probabilistic. “You basically have a secure tunnel between the user and the sensor, with unique information being exchanged. And if you were to login again there would be different information exchanged,” Scarfo says.
While encrypting templates has become a standard practice, what would happen if a hacker got a hold a biometric template? The odds of reverse engineering a usable image from that template are extremely low, but could a stolen template – the binary code – be used for access?
The possibility of an injection attack exists but only if the system is poorly designed , says MorphoTrak’s Jones. This kind of attack would attach an outside device to the scanner and feed the template code in that way. “Technically anything is possible but it’s about staying one step ahead of hackers,” he adds. “You need to include fake finger detection into systems and make sure the binary information being entered is from the scanner and a live finger and not another device.”
Those against biometrics also posit that once a biometric is stolen it’s gone forever. “There’s a misunderstanding that a biometric is like a Social Security number,” says Mizan Rahma, founder and CEO at M2SYS. “Templates change from implementation to implementation.” And templates are not images so there is really nothing personal to lose, he explains.
Researchers are also working on a revocable template, says NIST’s Garris. This technology is still being devised but the basic idea is that if a template is corrupted it could be taken out of circulation and a new one could be generated from the same biometric information.
So, are biometrics a gateway to identity theft, or an easy and secure way to access a variety of services? Those who have worked in the industry know how to separate fact from fiction, but it’s obvious the biometrics market still has some work to do to inform politicians and the public on how the technology works and how it can be used to protect the privacy of users.