November 28, 2012 -
Apart from the social perspective of the need to protect Biometric Templates, from a technical perspective as well, there is also a need fortify the security of Biometric Templates. Before this is discussed, it is first important to review what a Biometric Template really is. It is a snapshot of our physical or behavioral is what is being captured or analyzed. This could be an image ranging from the shape of your hand to your finger, to your eye, and even the way you speak. This image (or even multiple images may be taken) then becomes a master profile-and it is from this, that the unique features of your finger, your eye, your hand, or your voice are extracted, and then converted into a mathematical file. This file can be anything from a binary mathematical file to a statistical model. It is these mathematical files which become known as the Biometric Templates-not the images which were extracted and created.
A question which often gets asked is: “What happens if my Biometric Template gets stolen or hacked into. Will I become a victim of Identity Theft?” From a general standpoint, there is not much which can really happen, should this scenario happen. For instance, if you think about it, what can a hacker do with a series of zeroes and ones and/or a probability curve? Not much. It is not the same as stealing your credit card number. Also, each Biometric Vendor has their own proprietary, mathematical enrollment and matching (meaning, verification and identification) algorithms, so taking a template and putting into another system is simply not feasible. But, if one were to dig deeper at the technical level, Biometric Templates are just like any other technology, which are prone to failures, hacking, theft, and at granular-could to a certain degree be reverse engineered.
There are four critical areas where Biometric Templates are at most risk to hacking and theft, and they are as follows:
1) Just after template creation (this includes both the verification and the enrollment templates);
2) The biometric templates which are housed in the database (the actual database depends upon the specific biometric technology being used);
3) In client server network topology, the transmission of biometric templates from the biometric
system to the central server (this is where the biometric database resides);
4) In a hosted environment, there the biometric template database resides with a third party.
Introduction to Biocryptography
Cryptography provides the means to further protect Biometric Templates at these critical junctures. Cryptography is the science of scrambling information and data which is transit across a network medium, and then descrambling it at the receiving end into a decipherable format. That way, if the scrambled information and data were to be intercepted by a third party, there is not much which can be done unless they possess the keys for descrambling the information. These concepts of scrambling and descrambling can be very easily applied to Biometrics. This is known as “Bio-Cryptography”. In other words, the Biometric Templates are protected by scrambling and descrambling keys while they are stored in the database, or in movement across a network. Our next posting will delve much further into the concepts of Biocryptography.