Dubai: Biometrics, which is increasingly being deployed for identification, authentication and other critical security applications, are as vulnerable as any other digital system as they can be attacked, a top cyber security expert has warned.
In an interview to XPRESS on the sidelines of the Institute of Electrical and Electronics Engineers’ Winter School on Security and Privacy Issues in Biometrics held at the New York University Abu Dhabi last week, Hoda Al Khazaimi, the first Emirati female director of the Center for Cyber Security in the university, said, “Biometrics systems are subject to direct attacks on biometrics sensors using spoofing and mimicry methods that aim to gain access to the system using fake biometric traits or artefacts. This is in addition to indirect attacks such as tampering, masquerade and replay attacks where an attacker can impersonate you using a recorded instance of your biometric trait.”
Hoda said, “Another challenge in biometrics research lies in the fact that some of the algorithms built around the analysis for biometrics models are sensitive to the process of ageing in the subject. Changes in skin colour and the environment (light exposure etc.) can also introduce false negative results.” The good news, however, is that these vulnerabilities can be mitigated. Countermeasures to attacks exist in the form of anti-spoofing mechanisms and algorithms in place for the detection of fake or computer-generated biometric samples, said Hoda.
“Deep learning algorithms are used to enhance the performance of biometrics modalities and to ensure that certain attacks are mitigated. Discovering new ways to combat these challenges is a continuous, ongoing global research effort.”
Biometrics, the science of recognising individuals based on their biological and behavioural attributes such as their face, fingerprints, iris or voice, is used in many places, including airport border controls and banking systems employing phone banking applications.
Day-to-day applications
“For a time it was believed that biometrics systems were the replacements of textual passwords as a means of access control or authentication technique. However, their current application surpasses this original assumption. Developed biometrics solutions can be found in many daily digital systems around us, including phone fingerprints, border control iris recognition cameras, crime investigation techniques and other identification systems,” said Hoda.
She said leading biometrics experts from both academics and industry discussed template security, anti-spoofing techniques, privacy of soft biometrics and vulnerabilities of behavioural biometrics at the winter school. “Parameters of study included an individual’s face, fingerprints, iris, voice and gait. The goal of the winter school was to offer participants a comprehensive understanding of the security and privacy aspects of biometric technology.”
She said using facial and iris recognition as a replacement for national identity requirements in certain government departments was recently discussed.
“Selfie banking was one recent application that was introduced through which you could gain access to your financial records using a capture of your face. On a global level, one recent application has been to use biometrics for refugee relief as a measure of identification of individuals who lack other means of authentication.”
Hoda said the same systems are being used in counter-terrorism efforts through facial recognition and other mechanisms to ensure that certain people in a crowd are not criminals or pose threats.
The main advantage of biometrics systems in comparison to traditional techniques is that these systems are built using a trait unique to the individual, such as their facial features and fingerprints. This is in contrast to a password or token-based system that relies on retained knowledge or objects: items that you either know or have that can be forgotten or lost. In brief, it is a comparatively efficient and secure method of providing authentication for a number of systems and applications.”
Hoda said, “People need to be mindful in a world that is full of security solutions that cater to different applications, keeping up to date with how their biometrics traits are being collected and analysed.”
YOUSPEAK
Have you been a victim of identity theft? Tell us about it.
Write to us at:
editor@xpress4me.com
Whatsapp: 056 508 9988