FB pixel

Biometrics Institute CEO outlines strengths and vulnerabilities of biometric security

Categories Biometric R&D  |  Biometrics News
 

Biometrics Institute CEO Isabelle Moeller recently penned an opinion-editorial emphasizing how stakeholders must balance the strengths and vulnerabilities of biometric technology, as its credibility relies on the industry’s efforts to collaborate globally.

The recent rise of biometrics deployments in consumer services has confirmed spoofing as a vulnerability that needs careful management.

Moeller states that the weaknesses in biometrics have “spawned a race between those creating and applying the solutions.”

She adds that while all biometric systems have some flaws, what really matters is how these vulnerabilities are mitigated.

She highlights two factors that can determine the effectiveness of a biometric solution, both of which require some trade-offs in order to achieve a useable solution.

“Firstly, the solution is only as good as the biometric data it enrolls and then recaptures each time the user authenticates,” Moeller says. “The recaptured ‘image’ can be impacted by myriad factors depending on the mode being used. Ambient noise can interfere with voice recognition, for example, eyelashes can obscure an iris image, varying skin conditions can impact fingerprints and so on.

“Secondly, the matching process also depends on how tightly the solution’s parameters are set. Insisting on too high a degree of similarity between the stored and presented image creates too many ‘false negatives’, where the genuine user is denied access, and the system rendered unusable.”

She points out that a hacker never needs to replicate an individual’s biometric image entirely, but rather, replicate it only enough of it to dupe the system. Therefore, if the matching process isn’t accurate enough it leads to ‘false positives’, where fraudulent users are given access and the system is breached.

Moeller also notes that the choice of biometric modality can have a big effect on the outcome as some biometrics are better suited to particular use-cases than others.

For example, fingerprints leave a latent image on the data capture surface, which make them ideal for criminal identification. However, the same latent image can be copied, replicated and used in a spoof attack.

Irises leave no replicable trace which makes them far less useful in criminal applications. Digital pictures of people’s faces are readily available thanks to social media, which means that face biometric solutions have to work harder than ever to verify their subject, using 3D mapping and liveness detection techniques.

Fortunately, the developers of these technologies are responding by using new, cheaper multispectral sensors (which simultaneously capture multiple biometric images within a narrow spectrum) to significantly improve the industry’s ability to detect false biometrics.

“Although improving spoof detection is important, trying to chase a perfect anti-spoofing technique for any biometric is a fool’s errand,” Moeller says. “Try as the industry might, it cannot prove a negative; it can never say that a capture device is completely foolproof, simply because it can’t be tested against the unlimited universe of current and future spoofing techniques.

Moeller emphasizes that a “single biometric solution is not a ‘silver bullet’ and, in many cases, should be deployed as a factor in a multifactor authentication solution.”

She adds that biometrics’ credibility, as well as the security of the users of the technologies will be determined by the industry’s ability to identify and adhere to best practice.

“Only by sharing live deployment experiences, establishing guiding principles, creating best practice guidelines and promoting the responsible use of biometrics globally, can the industry truly claim to be representing the interests of end-users,” Moeller says. “Biometrics may be perfect, but our use of them is not. As the adoption of biometric technologies continues to accelerate, it is our collective responsibility to ensure we strike the right balance between delivering a great user-experience and mitigating security risks along the way.”

Earlier this year, Moeller wrote an editorial that explores the benefits and challenges of deploying biometric technologies at national borders.

Article Topics

 |   |   | 

Latest Biometrics News

 

Passkey adoption by Australian govt, banks drives wider passwordless authentication

It’s high noon for passwords. Across the Authentication Corral, an inscrutable stranger saunters up and puts their hand on the…

 

‘New era in travel’: airports, airlines continue to be sweet spot for biometrics

A fascinating experiment in biometrics would be to find a privacy conscious person who would generally avoid facial recognition, put…

 

Limitations of FRT apparent in search for United Healthcare CEO’s killer

The murder of United Healthcare CEO Brian Thompson in Midtown Manhattan involved the use of facial recognition technology (FRT) to…

 

OpenID, BIO-key, RSA, SecureAuth showcase at Gartner IAM Summit

The 2024 Gartner Identity & Access Management Summit, running from December 9-11 in Grapevine, Texas, is playing host to names…

 

Aboriginal digital ID offers Indigenous Australians pathway to essential services

There are more than 200,000 Aboriginal and Torres Strait Islanders in Australia who lack a birth certificate. Without this vital…

 

Australia piloting myGov app and Trust Exchange for sharing medical data

The Australian government has launched a pilot of its myGov public services app and Services Australia’s Trust Exchange (TEx) proof-of-concept…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events