Biometrics security

Times of Malta reports last month that the Maltese Passports Office has started issuing biometric passports, thus providing holders with a more secure travel document.   “timesofmalta.com” indicates that the launch was made last October by the Minister for Infrastructure, Transport and Communications, Austin Gatt, who said that the new passports were being produced in line...
Read more »

There are significant privacy and civil liberties concerns regarding the use of such devices that must be addressed before any widespread deployment. Briefly there are six major areas of concern: Storage. How is the data stored, centrally or dispersed? How should...
Read more »

Scientists from the Monell Center present behavioral and chemical findings to reveal that an individual’s underlying odor signature remains detectable even in the face of major dietary changes. The findings using this animal model support the proposition that body odors provide a consistent ‘odorprint’ analogous to a fingerprint or DNA sample,” said Gary Beauchamp,...
Read more »

Users may be concerned that the use of biometric authentication will increase the danger that they will find themselves targeted by ruthless criminals who are intent on gaining entry to the assets protected by the biometric. With non-biometric authentication, cards, keys, and passwords could be stolen and used by criminals without the presence of the user. If biometrics...
Read more »

If details of countermeasures employed in biometric systems are publicised, it may help attackers to avoid or defeat them. Similarly, if attackers know what countermeasures are not employed, this will help them identify potential weaknesses in the system, and direct attacks towards those weak areas. The counter-argument is that public exposure of countermeasures and vulnerabilities will lead to a...
Read more »

Many encryption algorithms are publicly available to allow cryptographers to analyse and verify the strength of the encryption. Biometric algorithms are not readily available for review and are thus an unknown factor. Biometric algorithms do not generally fulfil the same purpose as cryptographic algorithms. Rather, they represent the encoding rules for the biometric feature set to derive a template...
Read more »

This is a sometimes heard expression of concern about the potential misuse of biometric data stored on central databases. It refers to the threat to privacy that such centralised collections of personal data could pose if compromised. Biometric data are regarded as personal data and hence subject to the controls appropriate to personal data. There is a perceived...
Read more »

Biometric systems may be initially adequately secure, but become less so with passing time. This could be because critical security parameters such as threshold settings become maladjusted, or sloppy enrolment procedures lead to poor enrolment quality. Some biometric systems are self-adaptive which means that the templates are updated each time a user accesses the system. This feature is...
Read more »

This is related to the covert use of biometrics (see “Can my biometric be collected covertly?” previously), and to functional creep in applications. It is important to realise that authentication does not necessarily imply consent, and it is consent which is the issue of concern here. Any application could be affected though the concern will grow with wider...
Read more »

Valuable assets are traditionally protected by secrecy, typically secret passwords. Biometric features are often readily observed and do not possess equivalent secrecy. They may also be captured with varying degrees of difficulty. This is a variation on the spoofing concern. It is certainly true that the source biometric features are not secret, but the argument as expressed is...
Read more »

There is sometimes a misapprehension that biometrics can provide absolute identification (e.g. of terrorists, criminals etc) as though the implementation of biometric systems will somehow solve the problem of a major terrorist attack. Of course biometric systems can, at best, only identify/verify individuals who have been previously enrolled. Applications can use this functionality in various ways, for example to...
Read more »

Capture/replay is the name given to attacks where the biometric signals from an enrolled user are captured at one place and time and replayed later (usually at the same place) in an attempt to fool the system that the enrolled used is present. Although this can arguably occur at many points in the biometric system, the terminology...
Read more »