Mantra architect highlights biometric hardware design in securing ecosystems

The latest European Association of Biometrics (EAB) Lunch Talk features Mahesh Patel, principal technical architect at Mantra Softech, one of the largest technology and electronics firms in India. The company is recognized by India’s Department of Scientific and Industrial Research (DSIR) for its in-house R&D, and uses biometrics in its enterprise solutions suite.
Patel’s talk focuses on security in biometric hardware, running through what constitutes the ecosystem, and what challenges come with the use of biometric hardware. Securing biometrics in hardware involves the device itself, but also the modes of transmission of data, protection against various types of attacks, and ensuring the authenticity of the biometric data.
Mantra is one of a handful of companies with biometric scanners certified for Level 1 Aadhaar authentication in line with STQC’s liveness detection requirements.
Use cases for biometric hardware include the usual suspects: financial transactions, law enforcement and border control, access control, and military and defense applications, as well as mobile and device authentication, workplace authentication and identity verification in healthcare. More particular to India, biometric hardware can also be used in the subsidized food and farming product distribution service.
Patel runs through ways to design hardware “in such a way to prevent external attacks,” which include using a trusted platform module (TPM) that implements the ISO/IEC 11889 standard; a trusted execution environment (TEE), which allows code to be processed in a secure area of a processor; a ball grid array (BGA), a type of surface mount packaging for electronic components; and a tamper mechanism.
Watermarking and using “various cryptographic operations using cipher algorithms such as AES, RSA and ECC” also help bolster biometric data protection.
Hardware, OS, transmission, PKI all key to combat threats
The threats and risks that come with biometric hardware are also familiar culprits: physical tampering and side-channel attacks, man-in-the-middle attacks that intercept biometric data during transmission, template inversion attacks that reconstruct biometric features from stored (and stolen) data, and spoofing and presentation attacks.
To ensure security in biometric hardware, Patel lists four physical and logical components: security at hardware design level, security at the OS level, security during transmission of data from host to device and vice versa, and implementation of public key infrastructure, or PKI.
Physical security encompasses everything from epoxy potting of exposed circuits to tamper-evident enclosures to welding and screwing. Patel recommends a FIPS-140-2 Level 3 or above pre-certified chip for storing cryptographic keys, and secure USB authentication mechanisms to ensure only trusted devices can communicate with the host system.
Secure capture and processing are equally important, as is implementing an anti-spoofing mechanism – i.e., biometric liveness detection.
For data transmission, PKI manages digital keys and certificates to enable secure communication, authentication and data integrity across networks – thereby helping to ensure data remains confidential, and establishing trust.