- Are biometrics more secure than passwords?
- Could someone use a replica of the user’s biometric to gain unauthorized access to the system?
- How do performance metrics affect security (e.g. as the FAR decreases, does the security increase)?
- Can a biometric be reconstructed from a template?
- What is liveness detection?
- What happens when a biometric is compromised (stolen)?
- What is skimming?
- What is eavesdropping?
Are biometrics more secure than passwords?
In general, the security of a system depends on its design and its operational implementation. A properly designed biometric system would generally be more secure than a properly designed password system because it is inherently harder to spoof.
Could someone use a replica of the user’s biometric to gain unauthorized access to the system?
In rare instances, it may be possible. Although this is a frequently asked question, it is more science fiction than reality. In practice, it is much easier to find alternative weaknesses in a system than to mimic the biometric of a genuine user.
How do performance metrics affect security (e.g. as the FAR decreases, does the security increase)?
There is a trade-off between the two error rates: false acceptance rates generally increase as false rejection rates decrease. Performance measures, such as a Receiver Operating Characteristics (ROC) curve, highlight the accuracy of a system in a specific instance. This information can be used to maximize security and convenience based on the needs of the specific application.
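The trade-off described above, worked through as an added example (not part of the original FAQ). The similarity scores are constructed for illustration, the function names are hypothetical, and the sketch assumes a matcher where a higher score means a closer match and scores at or above the threshold are accepted.

```python
# Constructed similarity scores (not real measurements); higher = closer match.
GENUINE = [0.91, 0.84, 0.78, 0.88, 0.62, 0.95, 0.71, 0.83, 0.57, 0.90]
IMPOSTOR = [0.12, 0.35, 0.48, 0.22, 0.66, 0.30, 0.41, 0.18, 0.55, 0.27]


def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR) when every score >= threshold is accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def roc_points(genuine, impostor):
    """Sweep each observed score as a threshold: [(threshold, FAR, FRR), ...]."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def threshold_for_max_far(genuine, impostor, max_far):
    """Security-driven choice: lowest threshold whose FAR stays within max_far.

    Taking the lowest such threshold keeps FRR (user inconvenience) as small
    as the FAR cap allows. Returns None if no observed threshold meets the cap.
    """
    for t, far, frr in roc_points(genuine, impostor):
        if far <= max_far:
            return t, far, frr
    return None


def equal_error_point(genuine, impostor):
    """Operating point where FAR and FRR are closest (approximate EER)."""
    return min(roc_points(genuine, impostor), key=lambda p: abs(p[1] - p[2]))


if __name__ == "__main__":
    for t, far, frr in roc_points(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  FAR={far:.1f}  FRR={frr:.1f}")
    print("FAR <= 0.0 :", threshold_for_max_far(GENUINE, IMPOSTOR, 0.0))
    print("FAR <= 0.1 :", threshold_for_max_far(GENUINE, IMPOSTOR, 0.1))
    print("approx EER :", equal_error_point(GENUINE, IMPOSTOR))
```

On this sample, tightening the cap from FAR 0.1 to FAR 0.0 moves the threshold from 0.57 to 0.71 and raises FRR from 0.0 to 0.2, which is the convenience cost of the stricter setting.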
Can a biometric be reconstructed from a template?
There have been studies where pseudo-fingerprint images have been reconstructed from the fingerprint template, and face images have been reconstructed from face templates. In these instances, it is essential that specific information about the enrollment process is known.
What is liveness detection?
Liveness detection is used to ensure that only characteristics from a living human being can be enrolled, stored and recognized in a biometric system. Liveness detection can be used to recognize spoof attacks (e.g. submission of a fake biometric sample).
What happens when a biometric is compromised (stolen)?
Biometrics are one part of an overall system. Actions taken when a system is compromised will vary from system to system.
What is skimming?
The act of obtaining data from an unknowing end user who is not willingly submitting the sample at that time. An example could be secretly reading data while in close proximity to a user on a bus.
What is eavesdropping?
Surreptitiously obtaining data from an unknowing end user who is performing a legitimate function. An example involves having a hidden sensor co-located with the legitimate sensor.