Privacy in Biometrics: Why You Should Not Worry About

>>>>>>Privacy in Biometrics: Why You Should Not Worry About

Introduction

Biometrics are one of the most commonly discussed security trend right now – due to its dramatic penetration to daily lives, in such short amount of time. From iPhones to fingerprint API of Android Marshmallows, office entrances to stadiums, biometrics – all the more so fingerprint identification – has practically been using in any industry now.

On the other hand, as the biometrics technology goes mainstream each day on, privacy concerns regarding biometrics has been raising correlatively. A datum, in that case a fingerprint which is previously seen “very confidential” gets spread to everywhere. Although the extent to which the biometrics are offering much more solid security and life easing concept than any other – a bigger problem materialises at this point. People could not help but wonder about the fact that there is a big elephant in the room. And that is;

“There is no ‘reset my password’ here. What if my fingerprint gets stolen?”

It’s vital to understand the basic process of biometrics and in very particular – fingerprints here; how they are enrolled, stored and used? What differences do they have as they’re being taken for passports and for your iPhone’s?  In civil and legal applications? Let’s look under the hood a bit now.

Did You Know That…

The Power of Non-Ubiquitous Templates

Most common fear is that once a fingerprint is given, they could be used in absolutely anywhere. Yes, a generic scanner does store a decent amount of data but the attributions of the data, in that case fingerprint, fairly differs; which makes almost impossible to be used in wide-range of platforms, even if those platforms are subjected to be governmental ones.
Unlike common understanding, fingerprint scanners do not literally “scan” the finger, so that they do not store the digitalised image of a fingerprint. In lieu, they scan the distinct characteristics of the fingerprint (minutiae) and reflects them into mathematical representations which are called “templates”. However, manufacturers in biometrics industry are in tendency to use different templates from each other, so that they are able to use these templates for coding with their own algorithms afterwards. If a hacker manages to actually leak into a law enforcement agency’s fingerprint repository, or somehow (world’s hardest somehow will be explained in-depth, in another post) manages to steal it as it’s being taken or right after it’s been taken, here comes the magic – Obtaining a particular template does not allow to possibly form the actual and entire digital fingerprint copy. Articulating that, a hacker who comes through all the difficulties and obtains a finger template does not mean that he will be able to abuse that template in multiple platforms for both technical and practical reasons.

Another thing is, a print given for passports or any legal applications, would be constituted of binaries (digits) as it is a legal security application. However, your iPhone only needs to check the photographic image of your fingerprint, and does not recognize minutiae-based templates, vice versa. Whereas in traditional security, in case a password or PIN is cracked, it is likely to be used in several platforms easily; from e-mails to banking app to even Instagram. In other words; letters, numbers and even their strongest combinations are ubiquitous, which consequence their users being vulnerable to cyber-attacks.

We Are Not There Yet

Recapping the last decade in our lives – the speed of the technological applications went beyond the expectations. What we write about biometrics’ privacy is limited to the applications and practices in the actual fields only for today. In a futuristic scenario, if a single fingerprint used for using public transportation, buying clothes, running your car, ordering food online and etc, it would open the way of possibilities for spoofing into several online accounts, asking for particular fingerprint to confirm that it’s you. But even if, biometrics has unique way to store the data and use it in different platforms, which cannot be compared to traditional passwords. And as the title suggests: We are not there yet.

Conclusion

Digitalising and integrating our daily lives to number of platforms, have necessitated a further security approach besides passwords and thousands of people each day learn the fact from the hard way; unfortunately by being hacked or frauded. We happened to walk into an era where PIN’s or strong passwords are not adequate for a “normal” person anymore, in fact they are the weakest links.

0%
According to a research conducted by Symantec unveils the frightening fact about smartphones and the general risk we face each single day: Nearly 50% of people who found the lost smartphones in random places, attempted to access online banking apps!

Today, biometrics are the leading technology offering the ultimate security in lots of industry. However, due to lack of information and misconceptions, they can be regarded as “dangerous to share”. In increasingly digitalised world, every person need to put their prejudices and learn about what they’re unsure of. Especially for the sake of things that allow their life to be much simple, secured and improved. Biometrics, for sure, is one of them and has incredible preventive security potentials in today’s high-tech world.

Symantec research can be found clicking here

By |2017-03-18T12:00:21+00:00April 23rd, 2016|Categories: Biometrics|Tags: , , , , , , |4 Comments

4 Comments

  1. Berfu 29 April 2016 at 5:54 pm - Reply

    So that is how smartphones scan our fingerprint. Valuable info!

  2. Andrew 2 May 2016 at 8:27 pm - Reply

    Another question I would add to the mix is what can user does to avoid false rejections in a fingerprint authentication system? If the technology getting that broad, we’d better make the most out of it. Explanatory article though

    • Pamir Kargin 3 May 2016 at 10:52 am - Reply

      Hello Andrew, a post is definitely coming up on the question you addressed. It will cover the ways to diminish FRR (false rejection rate) and FAR (false acceptance rate) which concern both users and system manufacturers. Stay tuned for that!

  3. DDemir 3 May 2016 at 2:40 am - Reply

    If you want to enter USA or Japan or EU, you have to scan your fingerprints at border.

    Are you crazy about that? Even if yes, you do not just return back from the door and continue.

    So, if people understand that this data is useful for public safety(not only fingerprint but all biometric information) and for his own security; then reactions should be limited just like when they are travelling to Japan.

    Anyhow, it is a starting discussion. Hoping to hear more numbers and more facts in time.

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.