Biometrics is Not a Fallacy But Lowers Security
Biometrics has been a subject of my applied research for more than ten years.
I started carrying out three-dimensional (3D) object recognition in the winter of 2000. Then I was on a postdoctoral research stint at the University of Electro-Communications, Tokyo.
In 2001, I developed a technique for 3D object recognition using pattern projection and Fourier-fringe analysis.
I published some research papers in a peer-reviewed journal with my faculty advisor Prof. Mitsuo Takeda. The research results were also presented at international conferences.
Later I applied our 3D object recognition technique to 3D human face recognition.
During 2005 - 2018 I devoted much effort to biometrics recognition technology, especially 3D facial and multimodal biometrics research. I developed techniques for privacy-protected 3D face and multimodal face-plus-fingerprint biometrics.
Apple's 3D face ID is a similar technique that came much later in 2016 as a new feature in their new smartphone iPhone X.
Biometrics recognition technology is inherently probabilistic and hence unreliable.
But I must admit that biometrics authentication is unreliable because biometrics recognition is inherently probabilistic.
The recognition process of all biometrics relies on the probabilistic judgment of human beings' variable physical and behavioral features.
Human physiological features continually change with growing age. In accidents, humans may also lose some physical body parts or behavioral characteristics due to diseases.
Some biometrics recognition varies with illumination and skin color (such as a face). The probabilistic recognition processes of biometrics may often yield unreliable results.
Biometrics is not fit to be used as the default authentication factor or password.
The media have wrongly propagated biometrics technology as a more secure authentication factor. The promoters of biometrics are deliberately taking their eyes away from the security-lowering features of biometrics technology and deliberately making a rush to force biometrics into the market.
The utility of biometrics is limited due to the following principal reasons.
We already mentioned in the earlier section that an authentication system requires the recognition result to authenticate the right person deterministically.
The biometric False Match Rate (FMR) and False Rejection Rate (FRR) do not give us the confidence to adopt it for the subscriber's authentication. Moreover, FMR and FRR do not account for spoofing attacks.
Spoofing biometrics has become a common practice for criminals. Fingerprint, face, and iris scans are regularly spoofed.
Biometrics traits can't be kept secret
The biometrics traits can be obtained online or by taking a picture of someone with a camera phone (e.g., facial images) with or without their knowledge, lifted from objects someone touches (e.g., latent fingerprints), or captured with high-resolution images (e.g., iris patterns).
Once the biometrics data are hacked/stolen, those are lost forever. One can't reset biometrics like passwords. The hacked biometric data remain in the hands of the hackers forever. This problem may be called the "Biometric Data Breach Conundrum."
Liveness detection is a technique that brings smiles to the faces of the promoters of biometrics as a password. Can liveness detection permanently defeat the biometrics spoofing attacks?
Biometrics liveness detection, such as for face or fingerprints, is associated with live changes from living humans' biometric data. The detected liveness data are utilized to validate the actual person and reject the spoof.
The biometrics spoofing technology is progressing at such an alarming rate. Many security research groups can bypass liveness sensors. If biometrics is used as the only authenticating measure, there is a dark possibility that criminals might try to misuse biometrics liveness detection.
Biometrics can't avoid 'credential stuffing' (reusing the same passwords and usernames)
The credential attacks are associated with reused passwords and usernames. The hackers can use data collected from previous hacks of accounts worldwide. Since people have to use the same biometrics for all online authentications, there is no way to avoid 'credential stuffing' in biometrics.
Biometrics is not a fallacy, and it is real. But biometrics can compromise security.
Biometric features are somewhat unique physiological and behavioral signatures of humans. Hence, biometrics is not a fallacy.
As a long-time researcher of biometrics, I was deeply interested in applying biometrics recognition techniques for human authentication and identification.
But, biometrics recognition is inherently probabilistic and hence unreliable.
Moreover, there are other problems with biometrics, such as false match rate and false rejection rate, biometrics spoofs, biometrics data breach conundrum, credential stuffing, etc.
As a result, biometrics can compromise security.
Due to several drawbacks, biometrics technology doesn't give us the confidence to adopt it for authentication jobs.
Biometrics may be used in very limited applications, such as access entry under the supervision of security staff or digital forensics to help the police department to get additional information about criminals.
<> Also published on LinkedIn, a platform for professionals.
Cheers!
Unity (Debesh Choudhury)
Screenshot Source
Text Copyright © 2023 Debesh Choudhury — All Rights Reserved
Join me at
YouTube, Twitch, CashRain, Odysee, LinkedIn, Twitter, Publish0x, ReadCash, NoiseApp, and Facebook.
Earn passive income by sharing unused Internet bandwidth on Honeygain and Peer2Profit.
Lead Image: I created a GIF using an image from the news and an image by Werner Moser from Pixabay.
All other images are either drawn/created/screenshots by myself or credited to the respective artists/sources.
Disclaimer: All texts are mine and original. Any similarity and resemblance to any other content are purely accidental. The article is not advice for life, career, business, or investment. Do your research before adopting any options.
Unite and Empower Humanity.
#authentication #digitalidentity #technology #cybersecurity #biometrics
July 20, 2023
Your insights into the challenges and limitations of biometrics technology are valuable. Biometrics indeed presents unique security concerns, and its reliability and susceptibility to spoofing are critical factors that need to be addressed for broader adoption in secure authentication systems.