September 18, 2015 -
The Biometrics Institute released its new guiding paper, “Top 10 Vulnerability Questions”, to its members and key stakeholders, which helps to clarify some of the commonly asked questions regarding the spoofing of biometrics.
“We have been following the research of fake biometrics very closely and with great interest,” said Isabelle Moeller, CEO of Biometrics Institute. “Most recently claims have been made that you can steal fingerprints with only a camera as presented at the Chaos Computer Club Conference in Germany in December 2014. This important topic will be discussed at two upcoming events, the BVAEG Workshop and Biometrics 2015: Secure identity solutions now!, both in London in the week from 12-15 October 2015.”
The paper addresses the widely-known spoofing technique where a fingerprint image can be captured from a distance, under the right conditions, using a high resolution camera.
The Biometrics Institute questions the practicality of the spoofing method for hackers or other criminals, stating that “the question remains if it is worth the effort required compared to other traditional ways that security can be breached, for instance by stealing passwords.”
The paper goes on to explain that while biometrics provide a higher level of security than pins and passwords, they contain vulnerabilities that need to be addressed.
The organization emphasizes the importance of ensuring that security policies maintain a balance “between the security strength and what is being protected.”
The Top 10 Vulnerability Questions document addresses several questions involving biometric vulnerabilities, including whether a biometric can be stolen, what mitigation may be considered and what to do should this ever occur.
The paper is designed to demystify some of the regular headlines around biometric spoofing, as well as to serve as a discussion paper for the Biometrics Institute members and stakeholders to raise awareness about the importance of vulnerability assessments and that mitigation is available.
The Biometrics Institute also mentions there are a number of software and hardware solutions available that are able to detect such spoofing attacks.
The organization is also taking further steps to address biometrics through an ISO/IEC standards project to develop data interchange formats and testing principles for software and hardware used to combat biometric spoofing.
“The Biometric Vulnerability Assessment Expert Group (BVAEG) – a subcommittee of the independent Biometrics Institute – consists of many of the most experienced experts in this area from around the world,” said Dr. Ted Dunstone, head of the BVAEG of the Biometrics Institute, “the BVAEG mission is to raise awareness of the need for vulnerability detection to be included with biometric devices, to promote standards, enhance privacy protection, performance measures and testing, and to help facilitate the dissemination of new research or findings in this area.”
Members of the Biometrics Institute can receive a copy of the Top 10 Vulnerability Questions by emailing email@example.com.
In addition to BVAEG Workshop and Biometrics 2015: Secure identity solutions now!, the Biometrics Institute will also present the paper at the Showcase Australia on November 18 in Canberra.
Previously reported, the Biometrics Institute received funding from the Australian government to further develop its Trust Mark certification.