Biometrics-Security- Technical, Privacy, Religious, Ethical Issues

CHIDANANDA.K

Biometrics
Biometrics is the study of computerized methods to identify a person by their unique physical or behavioral characteristics

Types of Biometrics
Biometrics can be Divided into two classes: Physiological
Examples: fingerprint, face, hand, iris, Retinal recognition

Behavioral
Examples: signature and voice

Disadvantages
False rejection False acceptance One password ever Physical damage Biometric database compromised
Corrupt matcher Changed feature set

Finger Prints
Cons: Quality of scanning is Highly Variable 1-3% of public do not have suitable finger prints Susceptible to spoofing Social Stigma( Public perception of Criminality)

Facial Recognition
Susceptible to aging Lighting and other factors Susceptible to spoofing Accuracy is not very High

Iris & Retinal Scan

Poor Accuracy ( Like Retinopathy, Aging) Specialized Cameras required Not a well tested Technology

Signature & Voice Recognition

Varies with mood, stress and age Voice susceptible to change due to disease Intrusive Operator skill required

Biometrics: How Strong?

Three types of attacks Trial-and-error attack

Classic way of measuring biometric strength

Digital spoofing
Transmit a digital pattern that mimics that of a legitimate users biometric signature Similar to password sniffing and replay Biometrics cant prevent such attacks by themselves

Physical spoofing
Present a biometric sensor with an image that mimics the appearance of a legitimate user

Voluntary finger cloning

1. Select the casting material
Option: softened, free molding plastic (used by Matsumoto) Option: part of a large, soft wax candle (used by Willis; Thalheim)

2. Push the fingertip into the soft material 3. Let material harden 4. Select the finger cloning material
Option: gelatin (gummy fingers used by Matsumoto) Option: silicone (used by Willis; Thalheim)

5. Pour a layer of cloning material into the mold 6. Let the clone harden

Youre Done!

Matsumotos Technique

Making the Actual Clone

Making a Gummy Finger from a Latent Print

Finger Cloning Effectiveness

Willis and Lee could trick 4 of 6 sensors tested in 1998 with cloned fingers Thalheim et al could trick both capacitive and optical sensors with cloned fingers
Products from Siemens, Cherry, Eutron, Verdicom Latent image reactivation only worked on capacitive sensors, not on optical ones Cloned fingers tricked all of them Compaq, Mitsubishi, NEC, Omron, Sony, Fujitsu, Siemens, Secugen, Ethentica

Matsumoto tested 11 capacitive and optical sensors

 We can build physical clones of biometric features that spoof biometric readers
Matsumoto needed $10 worth of materials and 40 minutes to reliably clone a fingerprint

We can often build clones without the legitimate users intentional participation

Ethical & Religious issues

Biometric Technology is nothing but a form of tattooing at a technological level. People feel untrustworthy and embarrassed. Moreover, people claim they're being dehumanized. Personal data used for something other than its advertised purpose.

Privacy & Public concern

Biometrics erode privacy Biometric data indicates who you are Biometric data can be used to steal your identity Biometrics can be used to link info from various sources A biometric can be intercepted and used to abet fraud Biometric information is vulnerable over a network Biometrics can track you wherever you go Biometrics stored in a database are a threat to personal privacy Who can access data Misuse of personal data What happens to biometric data after the intended use is over Security of biometric data assured during transmission and storage

Some case studies

Biometric passports hacked Britain "Vietnamese researchers have cracked the facial recognition technology used for authentication in Lenovo, Asus, and Toshiba laptops

Aadhaar: on a platform of myths

Myth : Identity theft can be eliminated using biometrics. The report of the UIDAI's Biometrics Standards Committee actually accepts these concerns as real. Its report notes that fingerprint quality, the most important variable for determining de-duplication accuracy, has not been studied in depth in the Indian context. However, this critical limitation of the technology has not prevented the government from leaping into the dark with this project, one whose cost would exceed Rs.50,000 crore.

Aadhaar: on a platform of myths

It is estimated that approximately five per cent of any population has unreadable fingerprints, either due to scars or aging or illegible prints. In the Indian environment, experience has shown that the failure to enrol is as high as 15 per cent due to the prevalence of a huge population dependent on manual labour. Cont

Aadhaar: on a platform of myths

It is said that the greatest enemy of truth is not the lie, but the myth. A democratic government should not undertake a project of the magnitude of Aadhaar from a platform of myths. The lesson from the U.K. experience is that myths perpetrated by governments can be exposed through consistent public campaigns. India direly needs a mass campaign that would expose the myths behind the Aadhaar project. (R. Ramakumar is Associate Professor with the Tata Institute of Social Sciences, Mumbai.)

Thank you !!