This was done by creating an artificial fingerprint from the little traces that are left on the biometric scanners. This entailed the process of obtaining the relevant biometric data. The second approach involved employment of a technique that is commonly referred to as deploying a replay attack. In this approach is equivalent to the man-in-the-middle attack that is common in various communication data breaches. The process involves the tapping or rather eavesdropping on the biometric data as it is being sent from the scanner to the system in the process of authenticating a genuine system user. The data collected is then sent over the communication link again in order to replay the previous authentication process and viola!, the fake user is granted unauthorized access to the system.
The final approach involved the process of breaching the biometric database itself. In this kind of a breach, the attacker would enroll fake biometric credentials or rather details in order to enable the system to recognize the fake use as a genuine user.
The privacy risks associated with the use of biometric systems has been studied by various researchers. Davida et al. And Prabhakar for example studied the privacy risks involved in the use of biometric systems. The fact that biometric data contain very sensitive information with implications on the personal privacy makes it very crucial to ensure that the data is secured with the best possible security features. The biometric data may also reveal certain very sensitive information regarding a certain person. The privacy concerns come in various forms. The biometric templates have been shown to reveal certain personal details regarding various individuals. Through the biometric template for example, it is possible to tell the ethnic orientation of an individual, his kinship, disease and even their gender. As an illustration, it has been observed that a considerable number of individual who suffer from Downs Syndrome do have speckles on their iris that is referred to as Brushfieldmplates.This kind of a correlation shows clearly the extent of exposure which the biometric template can reveal regarding an individual's private data. The biometric templates must therefore be properly secured in order to ensure that an individual's privacy is not violated.
The second privacy concern regarding the biometric data stems from the fact that the biometric template is unique to a particular individual and therefore can enable an individual's enrolment or use of other databases to be determined. This can result to certain cases of profiling. The third concern leans more on the security side than on the privacy side. It relates to the fact that the biometric data of an individual can be cloned and be used to impersonate the real user. The risk of impersonation can lead to serious cases of identity theft and hence violation of an individual privacy. Despite the fact that certain biometric characteristics are considered to be public, the access to the primary biometric template must be restricted to the right applications and institutions. This is in order to prevent case of adversary reconstruction of the original template with an effort to come up with a fake biometric sample for use in authorizing an illegal entry or enrolment.
All the above risks together with the fact that the biometric template is unique to an individual and can never be issue afresh results to very serious problem in case of a biometric template theft. What is more worrying is the fact that the biometric data theft might not even be detected in the first place. It therefore becomes very necessary to ensure that proper policies and mechanisms are laid down in order to ensure the safe usage and storage of biometric data.
Purpose of the Study
The purpose of this study is to identify the security and privacy concerns of the biometric security systems with efforts to come up with comprehensive techniques and solutions to tackle them. This is with the overall intention of improving the integrity of data and the efficiency of the biometric systems.
Abdullayeva, F Imamverdiyev, F, Musayev, F and Wayman, J (2009).Analysis of Security Vulnerabilities in Biometric Systems. San Jose State University, San Jose, USA,