This was done by creating an artificial fingerprint from the little traces that are left on the biometric scanners. This entailed the process of obtaining the relevant biometric data. The second approach involved employment of a technique that is commonly referred to as deploying a replay attack. In this approach is equivalent to the man-in-the-middle attack that is common in various communication data breaches. The process involves the tapping or rather eavesdropping on the biometric data as it is being sent from the scanner to the system in the process of authenticating a genuine system user. The data collected is then sent over the communication link again in order to replay the previous authentication process and viola!, the fake user is granted unauthorized access to the system.
The final approach involved the process of breaching the biometric database itself. In this kind of a breach, the attacker would enroll fake biometric credentials or rather details in order to enable the system to recognize the fake use as a genuine user.
The privacy risks associated with the use of biometric systems has been studied by various researchers. Davida et al. And Prabhakar for example studied the privacy risks involved in the use of biometric systems. The fact that biometric data contain very sensitive information with implications on the personal privacy makes it very crucial to ensure that the data is secured with the best possible security features. The biometric data may also reveal certain very sensitive information regarding a certain person. The privacy concerns come in various forms. The biometric templates have been shown to reveal certain personal details regarding various individuals. Through the biometric template for example, it is possible to tell the ethnic orientation of an individual, his kinship, disease and even their gender. As an illustration, it has been observed that a considerable number of individual who suffer from Downs Syndrome do have speckles on their iris that is referred to as Brushfieldmplates.This kind of a correlation shows clearly the extent of exposure which the biometric template can reveal regarding an individual's private data. The biometric templates must therefore be properly secured in order to ensure that an individual's privacy is not violated.
The second privacy concern regarding the biometric...
This can result to certain cases of profiling. The third concern leans more on the security side than on the privacy side. It relates to the fact that the biometric data of an individual can be cloned and be used to impersonate the real user. The risk of impersonation can lead to serious cases of identity theft and hence violation of an individual privacy. Despite the fact that certain biometric characteristics are considered to be public, the access to the primary biometric template must be restricted to the right applications and institutions. This is in order to prevent case of adversary reconstruction of the original template with an effort to come up with a fake biometric sample for use in authorizing an illegal entry or enrolment.
All the above risks together with the fact that the biometric template is unique to an individual and can never be issue afresh results to very serious problem in case of a biometric template theft. What is more worrying is the fact that the biometric data theft might not even be detected in the first place. It therefore becomes very necessary to ensure that proper policies and mechanisms are laid down in order to ensure the safe usage and storage of biometric data.
Purpose of the Study
The purpose of this study is to identify the security and privacy concerns of the biometric security systems with efforts to come up with comprehensive techniques and solutions to tackle them. This is with the overall intention of improving the integrity of data and the efficiency of the biometric systems.
Abdullayeva, F Imamverdiyev, F, Musayev, F and Wayman, J (2009).Analysis of Security Vulnerabilities in Biometric Systems. San Jose State University, San Jose, USA,
C'T, (2002) Thalheim Lisa, Krissler Jan, Ziegler Peter-Michael, c't Magazine,
November, 2002, August 21, Koerperkontrolle, Biometrische Zugangssicherungen
auf die Probe gestellt, p. 114. Retrieved November 9,
2003, from http://www.heise.de/ct/02/11/114/
IBIA, 2003, November 06, Privacy Principles. Retrieved November 16, 2003, from http://www.ibia.org/principl.htm
It also helps to reduce the threat of identity theft as this is frequently initiated through the hacking of such highly vulnerable wireless communication devices. According to ThirdFactor, the same BioLock technology is currently being adapted to meet the needs of the Microsoft Windows and Mac OS packages on the market's near horizon. This suggests that the pacesetting consumer brands in the technology, software, cell phone and computing industries
This is a separate problem from the system being hacked. Managers may also be far too unaware of the ease in which cellphone networks can be hacked (Hacker Cracks T-Mobile Network). Certainly being aware of the ways in which cellphone and other electronic systems can be hacked or infiltrated in other ways. Such technical attacks can be relatively more easily addressed. Hacking is nearly as old as computer technology itself
Biometric Technology Biometrics are those easily measurable physiological, behavioral or anatomical characteristics, which can be used in identifying an individual. A common biometric modality is fingerprints, but there are others like DNA, voice patterns, irises, facial patterns, and palm prints. Biometrics have been quite beneficial in the last couple of years for law enforcement and intelligence (investigative) purposes, mostly to the FBI and its associates. in the intelligence and law enforcement
This is sensitive information that should be securely stored. The records contain confidential information that could be used in identity theft. The records should be securely stored either in soft copy or hard copy. Only authorized personnel should have access to these records. Audit trails should be installed to keep track of the personnel who access the records. The authorized personnel should be analyzed and background checks conducted. Strict
Biometric Safeguards and Risks Biometric Safeguarding Itakura and Tsujii are proposing to allow an external organization, such as PKI, to issue biological certification as a way to ensure the validity of biological information. (Itkura, 2005) It would consist of three cryptographic keys; a public key and two secret keys. The public key would be defined as the representative template for personal biological information registration. The algorithm selects the representative template to be
Biometric Controls Biometric Cost Analysis There are some questions that will help determine the cost benefit analysis of a new biometric system (Cooper). The level of security, the level of reliability, need of backup, the acceptable time for enrollment, level of privacy, and storage needed are things that need to be determined first. Will the system be attended or not? Does the system need to be resistant to spoofing? Will the system