Biometrics Recognition is Unreliable!

16 205
Avatar for Unity
Written by
2 years ago

Biometrics is often projected as a security token.

The mainstream technology news media project biometrics as a preferred token for personal identity verification and authentication.

  • The news media highlight the huge market for biometrics security.

  • They make noise about how much billion-dollar investment biometrics received.

  • Then, the news media claim that "biometrics is a reliable security technique."

As if the amount of market investment makes a security technique superior!

What immature analyses the mainstream technology news media make!

I will make it clear in the following section with relevant research references.

Image Source:  I have created a GIF animation using my title texts and a photo by Gerd Altmann on Pixabay.


Biometrics is an unreliable human recognition technique.

There are more disadvantages than advantages of biometrics recognition.

  • The promoters of biometrics recognition technology are deliberately hiding the security-lowering features of biometrics technology.

  • To secure huge investments, biometrics startups are deliberately making a rush in forcing biometrics into the market.

In reality, the utility of biometrics recognition technology is very much unreliable due to the following main reasons, described in the subsequent sections.


Biometrics recognition is probabilistic, but not deterministic.

As a technology researcher, I spent sufficient time in biometrics research since 2003. I developed a technique for 3D human face recognition in 2006. I applied the technique for multimodal 3D facial plus fingerprint recognition.

  • Biometrics is purely a probabilistic recognition technique that how much matching is possible. The tolerance of recognition is sometimes 96 to 97 percent but is never a hundred percent.

  • Some biometrics modality, such as face recognition is heavily dependent on skin color and illumination. 3D face ID matching can be easily spoofed using 3D face masks. Fingerprint and iris images are regularly spoofed with high-resolution images.


Biometrics recognition has got a False Match Rate (FMR).

  • The higher False Match Rate (FMR) of biometrics does not provide us with the required confidence in adopting it for user authentication on utility and financial services.

It is to be noted that FMR does not account for spoofing attacks. Spoofing is a different technology for criminals.

  • Even the police may sometimes create a biometrics spoof to unlock the mobile of a dead person. In fact, it happened in the US in an investigation of a murder case!


Biometrics spoofing technology is maturing fast.

As cybersecurity technology is progressing in the world, biometrics spoofing technology has also been advancing at an alarmingly fast rate.

  • It doesn't take much money and complex technology to create a spoof for a fingerprint. One can make fingerprint spoofs using cheap and easily available polymer sheets used for overhead slide projectors! 3D thumbprints may also be made on rubber thumbs

  • A group of students in the University Department of Chemical Technology (UDCT), Mumbai, India regularly cheated the university fingerprint attendance system.

It happened between 2018 and 2019. The professors found only less than the half population of the students were physically present inside the classroom, but the attendance data recorded was surprisingly above 90 percent presence!


Biometrics data can be easily copied in public places or may be purchased in the dark market.

  • Biometrics data are easily available in public places. Capturing 2D and 3D face scans is possible in public under visible as well as infrared illumination.

  • The fingerprint impression may be captured from thumbprints on glasses of water/drink in parties/restaurants.

  • High-resolution face images may be utilized to extract decent-resolution iris patterns. Voice and speech may be easily recorded from telephonic conversations, and expert voice mimicry artists can do the spoofing job for voice recognition.

For example, the entire biometrics database of the Indian digital identity system called Aadhaar is available in the dark market with a payment of a mere INR500.


Biometrics data once compromised, hacked, and stolen, are lost forever in the hands of cyber criminals!

The most worrying part of the biometrics story is severe and irrecoverable!

Once a biometrics database is compromised, hacked, and stolen, the entire dataset is lost forever. But, those biometrics data remain in the hands of cybercriminals for good.

  • For example, the Aadhaar biometrics data are in the hands of hackers and criminals. They will continue to try to do as much harm as they can.

  • The government body is hiding the news from the common citizens. But they are in no position to do anything to restore the security of the citizens whose biometrics data were stolen.

The same is true for all biometrics databases of global citizens. A large portion of the biometrics databases might already be in the hands of cybercriminals.


Biometrics can not avoid the so-called "credential stuffing" or "reusing the same usernames and passwords."

Cybersecurity experts would always advise NOT to "reuse passwords and usernames" on different platforms.

  • Unfortunately, if you adopt biometrics as an authentication factor, you willingly agree to reuse the same biometrics as your default passwords for authenticating your online accounts.

This problem is cordially known as the "credential stuffing" issue in cybersecurity literature.

  • You may now understand why using biometrics compels you to reuse the same biometrics as your passwords, and you commit "credential stuffing" which is a security vulnerable practice in cybersecurity.


Bringing it altogether

  • Biometrics is purely probabilistic, and not deterministic, such as text passwords.

Text passwords are deterministic, if you enter a wrong passcode, you will NEVER be authenticated, and you will be REJECTED. In biometrics, one person's biometrics may incorrectly authenticate another person's login and vice versa.

  • Moreover, biometrics is easily spoofable, and hence stealable/hackable.

  • Biometrics data once hacked/stolen/compromised, are lost in the hands of criminals for good. One cannot reset biometrics like text passwords.

  • There are so many other flaws, such as a high False Match Rate, and "credential stuffing," i.e., reusing the same passwords and usernames.

As a result, it would be correct to infer that biometrics recognition technology is an unreliable security method.

Biometrics is a self-problem creator, even without the presence of a hacker!


Postscript

The main problem is that biometrics recognition technology is probabilistic, and NOT deterministic. So, biometrics can never yield 100 percent recognition and have a False Match Rate.

  • That means biometrics can authenticate an incorrect person, and reject an authentic person! Biometrics is a self-problem creator, and as a result, is unreliable for authenticating the correct human being, even without the presence of a hacker!

And, not to forget, biometrics has a lot of data privacy issues. However, it is not a security issue. But, privacy is a fundamental right.

  • Accessing one's biometrics data is equivalent to invading the personal and private data of a person. All humans may not agree to provide their biometrics data to the governing and servicing companies.

It overrules fundamental freedom and human rights.


Originally published on my LinkedIn newsletter.


[Sponsor information is as below]

Image Source TheGuy – Follow him on Noise and Hive for more insights.


Cheers!

Unity (Debesh Choudhury)

Text Copyright © 2022 Debesh Choudhury — All Rights Reserved

Join me at  

OdyseeLinkedInTwitternoise.cashread.cashpublish0x, and Facebook

Lead Image:  I have created a GIF image using my title texts and a photo by Gerd Altmann on Pixabay.

All other images are either drawn/created by myself or credited to the respective artists/sources.

Disclaimer: All texts are mine and original. Any similarity and resemblance to any other content are purely accidental. The article is not advice for life, career, business, or investment. Do your research before adopting any options.

Unite and Empower Humanity.

#biometrics #security #cybersecurity #privacy

Sep 22, 2022

23
$ 2.26
$ 1.02 from @TheGuy
$ 0.52 from @TheRandomRewarder
$ 0.10 from @Tomi-Ajax
+ 14
Sponsors of Unity
empty
empty
Avatar for Unity
Written by
2 years ago

Comments

Only shows that there will always be those who will cheat the system. These security measures are not safe at all.

$ 0.00
2 years ago

The main problem is that biometrics recognition technology is probabilistic, and NOT deterministic. So, biometrics can never yield 100 percent recognition and have a False Match Rate. That means biometrics can authenticate an incorrect person, and reject an authentic person! Biometrics is a self-problem creator, and as a result, is unreliable for authenticating the correct human being, even without the presence of a hacker!

$ 0.01
2 years ago

No wonder it can easily be cheated. This should be widely shared knowledge and made others be aware.

$ 0.01
2 years ago

When I re-shared this article on LinkedIn yesterday, an owner of a 12+ years old biometrics company wrote multiple comments against it, but without referring to the "probabilistic" nature of biometrics. Finally, he asks, "I don't understand what motivates you to write such posts ..." My final answer is the same fact as the "probabilistic" trait of biometrics.

$ 0.00
2 years ago

Interesting!

I never thought that biometrics would have such these disadvantages. I've always seen it as a surest way to secure and detect identity with its instant process

$ 0.00
2 years ago

Why? Because most people believe whatever is propagated by the mainstream news media. Biometrics is one such hyped item that tech startups have been trying to sell.

$ 0.00
2 years ago

Damm, sir you are very right I never looked deep into it's vulnerability and thought it to be the strongest, but it seems it's more weak and problem giving because the biometric data can easily invade one's bank account even their identity. So what the strongest security method now, I'm interested to know?

$ 0.00
2 years ago

No, biometrics is a poor security modality. Biometrics is a weak authentication factor because it is not deterministic! Biometrics is probabilistic! That means it can NEVER guarantee 100 percent recognition success! And, add the other weaknesses. Biometrics is LESS secure than text passwords.

$ 0.00
2 years ago

Wow, never knew that biometric verification is unreliable.

$ 0.00
2 years ago

Yes, biometrics tech is security lowering one.

$ 0.00
2 years ago

It is very unfortunate, biometric verification sometimes causes duplication. I mean when you go for biometric verification, people used you thumbprint for their specific purposes as well. I agreed in cryptocurrency BIOMETRIC system should be discouraged.

$ 0.00
2 years ago

There is no doubt about it that biometrics lowers security.

$ 0.00
2 years ago

I don't know much about biometrics but the little experience I've had made me believe it is truly not 💯 secure

$ 0.00
2 years ago

Know about the facts of biometrics.

$ 0.00
2 years ago

But in my opinion, biometric security is still the strongest security feature because it requires high precision to hack this security system. Maybe the combination of sound, retina of the eye and fingerprints will make biometric security stronger, although not 100% strong.

$ 0.00
2 years ago

The reliability of any technology doesn't depend on opinions. It can't depend on what we think. I wrote all the technical reasons why biometrics is a security-lowering recognition technology.

$ 0.00
2 years ago