Biometric authentication systems for security applications

Biometric for Security

Biometric security is a fast growing domain of security systems. The use of biometric systems involves the use of automated techniques in the process of identifying an individual on the basis of their biological and behavioral characteristics. Despite the several advantages attached to the use of biometric security systems, recent advancements and knowledge of the security systems coupled with the advancement of technology has resulted in an increase in the number of security ad privacy concerns. The concept of integrating biometrics into security systems has very many applications ranging from domestic, corporate and even military applications. These applications of biometrics are the main reasons why it is crucial that the system is fool proof. The damages that can be associated or rather attributed to a breach of security due to a compromised biometric security system could be worth billions of dollars.

Apart from intrinsic design imperfections, it is very saddening that some cases of biometric security breaches result from negligence of biometric security system producers. This is because of their blatant failure to adhere to the laid down guidelines for security precautions to be incorporated into the design. This paper prescribed ways and means of improving the effectiveness of biometric systems by analyzing the very nature of the vulnerabilities and then prescribing the appropriate measure to counter the security vulnerabilities. The concept of vulnerability is approached by way of conducting a comprehensive vulnerability analysis coupled with an extensive vulnerability assessment of the existing biometric security systems. The proposed system for the analysis of the security vulnerabilities are to be undertaken according to the lid down procedures as required by the Assurance Vulnerability Assessment (AVA) class of the ISO/IEC 154008-3 together with Strength of Function (AVA_SOF) analysis (AVA_VLA) which are subclasses.

The paper then prescribes succinctly, the necessary steps needed to patch the breaches that are common in the biometric systems. The solution to the breaches is then delivered by use of an advanced and secure biometric authentication scheme which employs a variety of efficient and robust hashing functions. The functions employed in the authentication process are tailored to protect both the security and privacy of the biometric information.

Problem statement

Previous research has revealed that there are a lot of security and privacy concerns that surround the use of biometric security systems (Abdullayeva, Imamverdiyev, Musayev and Wayman,2009).As illustrated and demonstrated in a couple of scenarios, the several cases of misuse and breach of various biometric system has raised an eye brown in the public domain. The public is very much afraid of the fact that their personal data may land in the wrong hands and also the Big Brother may be watching their every move. In order to reduce the level of anxiety among the public, several initiatives have been devised in order to take care of the privacy concerns. An example is the International Biometric Industry Association's (IBIA) move publish a comprehensive list of all the Privacy principles to be used as the guidelines for biometric system vendors in recognizing the issue of privacy (IBIA, 2003).Several researchers have evaluated the efficiency of various biometric systems by taking into consideration the efficiency of their False Rejection Rate (FRR) and False Acception Rate (FAR).These two parameters are a perfect indicator of the overall efficiency of the general efficiency of the biometric systems. A False Rejection is exhibited whenever an enrolled user is not authorized by the system and is therefore not given the rights of access. False Acception however, is the scenario that unfolds whenever the biometric system grants access to a user whose biometric features are not stored or registered in the security system. Such a scenario can cause serious security breaches and concerns. Most of the data regarding the efficiency of various biometric systems are gathered from the vendors themselves. This makes the data to be non-conclusive since they may manipulate the data to favor their products. As an illustration, in 2001, a series of tests were conducted by the Darmstaedter Fraunhofer-Institut, together with the BSI (German Federal Institute for IT Security) in order to determine the efficiency of various biometric systems. Due to intense pressure from various biometric systems vendors, these results were never published since they represented independent and true findings.

The inefficiency of the biometric systems was further exposed by series of tests that were carried out by Peter-Michael Ziegler, Lisa Thalheim and Jan Krissler in 2002 (C'T, 2002).They employed three different approaches to breach the biometric security systems. Their initial approach involved the presentation of artificially generated biometric data to the system. This was done by creating an artificial fingerprint from the little traces that are left on the biometric scanners. This entailed the process of obtaining the relevant biometric data. The second approach involved employment of a technique that is commonly referred to as deploying a replay attack. In this approach is equivalent to the man-in-the-middle attack that is common in various communication data breaches. The process involves the tapping or rather eavesdropping on the biometric data as it is being sent from the scanner to the system in the process of authenticating a genuine system user. The data collected is then sent over the communication link again in order to replay the previous authentication process and viola!, the fake user is granted unauthorized access to the system.

The final approach involved the process of breaching the biometric database itself. In this kind of a breach, the attacker would enroll fake biometric credentials or rather details in order to enable the system to recognize the fake use as a genuine user.

The privacy risks associated with the use of biometric systems has been studied by various researchers. Davida et al. And Prabhakar for example studied the privacy risks involved in the use of biometric systems. The fact that biometric data contain very sensitive information with implications on the personal privacy makes it very crucial to ensure that the data is secured with the best possible security features. The biometric data may also reveal certain very sensitive information regarding a certain person. The privacy concerns come in various forms. The biometric templates have been shown to reveal certain personal details regarding various individuals. Through the biometric template for example, it is possible to tell the ethnic orientation of an individual, his kinship, disease and even their gender. As an illustration, it has been observed that a considerable number of individual who suffer from Downs Syndrome do have speckles on their iris that is referred to as Brushfieldmplates.This kind of a correlation shows clearly the extent of exposure which the biometric template can reveal regarding an individual's private data. The biometric templates must therefore be properly secured in order to ensure that an individual's privacy is not violated.