Biometric Safeguards and Risks
Biometric Safeguarding
Itakura and Tsujii propose allowing an external organization, such as PKI, to issue biological certification as a way to ensure the validity of biological information (Itakura, 2005). It would consist of three cryptographic keys: a public key and two secret keys. The public key would be defined as the representative template for personal biological information registration. The algorithm selects the representative template to be stored in the Biometric Specific Memory Block defined by CBEFF standards. The two secret keys would be kept separate from the public key and from each other to guarantee the security of the overall personal authentication. They would be defined as random numbers generated by conventional mathematical calculation. The public key and the first secret key would work together to guarantee the security of the information. If the public key and the first secret key are identified, the second secret key acts as added security. In the end, all three keys would have to be identified for the information to be usable by intruders.
Biological information can be easily stolen: from a surface someone has touched, from an eye or face captured by a camcorder, from a voice recording, by imitating handwriting, or from stolen hair with the root. Embedding the biological information has the advantages of privacy protection, zero knowledge (no information is given to an inspector), and an economical system that does not need to build up its own biological database. This is feasible if the system maintains data purpose specification, accuracy, anonymity, and security (Zorkadis, 2004). Having a third cryptographic key would be an added layer of security. The data would need a specific purpose, maintained accuracy and anonymity, and a strong security system, both technological and physical organizational, as well as strong security policies. The external organization would also need to be held accountable for the protection of the biological information it encounters.
Biometric Risks
Cyber risk exposures include system vulnerability, system circumvention, verification fraud, and enrollment fraud (Barton, 2005). System vulnerability refers to weak points identified in various network entry points and integral components, such as workstations, employee awareness, servers, databases, mainframes, mobile users, and remote users. It also includes external influences that pose threats, such as vendors, customers, and partners. System circumvention includes system misuse, hardware and software weaknesses, and the security of lost or stolen passwords. Verification fraud consists of biometric samples stolen through force or amputated body parts. Enrollment fraud concerns what constitutes authentication and the ability of the information to be tampered with.