The operations of a biometric system depend heavily on the input devices that are subjected to operational limitations. At times, the devices themselves may fail to capture the necessary input samples. They may not capture the sample sufficiently. This makes the system unreliable and vulnerable.
The more vulnerable a biometric system is, the more insecure it is.
Biometric System Vulnerability
There are the two major causes of biometric system vulnerability −System Failures
There are two ways in which a biometric system can fail to work −Intrinsic failures − They are failures such as non-working sensors, failure of feature extraction, matching, or decision making modules, etc.
Failures due to attacks − They are due to loopholes in the biometric system design, availability of any computations to the attackers, insider attacks from unethical system administrators, etc.
Non-secure Infrastructure
The biometric system can be accessible to malicious users if its hardware, software, and user data are not safeguarded.Risks with Biometric System Security
The security of a biometric system is important as the biometric data is not easy to revoke or replace. There are following prominent risks regarding security of biometric systems −Risk of User Data Being Stolen
If the biometric system is vulnerable, the hacker can breach the security of it and collect the user data recorded in the database. It creates more hazards to privacy.Risk of User Data Getting Compromised
After acquiring the biometric sample, the hacker can present a fake sample to the system. If user data is compromised, it remains compromised forever. The obvious reason is, user has only a limited number of biometrics and they are difficult to replace, unlike passwords or ID cards.Though biometric data is encrypted and stored, it needs to be decrypted for matching purpose. At the time of matching a hacker may breach the security.
Biometric System Security
A number of solutions are proposed to address the biometric system security issue. Biometric templates are never stored in the raw form. They are encrypted; sometimes even twice.In the case of biometrics, there are various resources involved such as humans (subjects or candidates), entities (system components or processes), and biometric data (information). The security requirements of confidentiality, integrity, authenticity, non-repudiation, and availability are essential in biometrics. Let us go through them briefly −
Authenticity
It is the quality or the state of being pure, genuine, or original, rather than being reproduced. Information is authentic when it is in the same state and quality when it was created, stored, or transferred.There are two authenticities in a biometric system − entity authenticity and data origin authenticity. Entity authenticity confirms that all entities involved in the overall processing are the ones they claim to be. Data origin authenticity ensures genuineness and originality of data. For example, the biometrics data is captured with sensor devices. The captured data that came from a genuine sensor is not spoofed from a previous recording.
Confidentiality
It is limiting information access and disclosure to authorized users and preventing access by or disclosure to unauthorized people. In cases of a biometric system, it mainly refers to biometric and related authentication information when it is captured and stored, which needs to be kept secret from unauthorized entities.The biometric information should only be accessible completely to the person it belongs. During identification and variation, the accessing candidate needs to be restricted with appropriate security measures.
Integrity
It is the condition of being complete and unaltered that refers to its consistency, accuracy, and correctness. For a biometric system, the integrity should be high. Any malicious manipulations during operation and storage should be kept away or detected earliest by including its notification and correction.Non-repudiation
It is identification of involved resources such as entities and components. It is also seen as accountability. For example, it prohibits a sender or a recipient of biometric information from denying having sent or received biometric information.Availability
A resource has the property of availability with respect to a set of entities if all members of the set can access the resource. An aspect called reachability ensures that the humans or system processes either can or cannot be contacted, depending on user interests.Attackers can make the system unusable for genuine users, thus preventing them from using authenticated applications. These attackers target the availability of the information.
No comments:
Post a Comment