This article is written by Dhriti Sachdeva, SRM University, Sonepat, Delhi NCR.

Biometrics Historical Dark Era
Because of inadequate security on the BioStar 2 system, the biometric information of over a million people was compromised in 2019. Unencrypted data belonging to UK police and bank employees was among the compromised data. A few weeks later, sensitive traveller data was leaked on the dark web after a U.S. Customs and Border Protection subcontractor was the target of a cyberattack.
Introduction
In today's world, technology has developed many-faceted functions, and nearly all data is now available and registered on online platforms. Everything has been digitized to make data easy to access and to protect it from theft. One of the key elements in addressing risk in the era of cybersecurity is biometrics, which helps protect data that is fed into and stored on digital systems.
What is Biometrics?
A biometric system is a measuring system (much as a weighing machine is) that measures a person's behavioural and physical characteristics and style, and captures real-time mood or reaction, in order to unlock data seamlessly; these traits cannot be imitated or replicated easily. Such systems include facial recognition, fingerprint, motion-sensor and rhythm-based techniques that help prevent data theft. They provide a unique and secure way to verify an individual's identity while maintaining a transparent procedure.
Like a coin, though, biometrics has two sides: it can be very risky, and data can be breached and leaked. On the one hand the system can be protected through a multi-layered, efficient authentication process; on the other, the data can be compromised very easily.
Unlike traditional passwords, tokens and passkeys, a biometric does not have to be remembered; it is governed by the person's characteristics at that instant. It cannot be forgotten or copied, because of two-factor authentication, with verification done by the individual in person.
As technology evolves, cybercriminals also improve their methods to breach security systems.
Significant use of Biometrics – Pros & Cons
A rising trend is zero-trust architecture, which is based on the ‘never trust, always validate’ principle and requires companies to authenticate users and devices on a continuous basis before allowing access to their secured systems.
i) Secure and safe – Secure transactions and digitally registered businesses help this system function smoothly and maintain a transparent procedure, and logging on to phones and laptops becomes easier and faster.
ii) Reduced password breaches – In contrast to traditional passwords, biometrics has been very beneficial in preventing stolen identities, with fewer human errors and a reduction in the number of cyber-attacks.
iii) Improved cybersecurity – Biometrics adds an additional layer of security, making the system more effective.
iv) Integration into many devices – Biometrics is highly scalable and adaptable across many industries. Common applications include fraud detection, cost banking system, online banking, verification of identities etc.
Technology has negative influences too:
i) Covert operations by the government and its employees in large public spaces can be misleading: tracking devices are installed and accessed without permission, and without people realizing that their facial patterns are being recognized. This can cause huge inconvenience and can expose real-time tracking data to anyone who could threaten to disrupt the nation, such as terrorists.
ii) Facial recognition algorithms with AI – If a facial recognition system is integrated with AI, an AI system can replicate the model, create a separate authorization and exploit the weaknesses in facial recognition, which is dangerous. Anyone who uses AI can create duplicate faces and interrupt the current connection of the authorised system. With deepfake technology, a duplicate photo can look the same as the original, which can spread misinformation to any individual and raises the chances of data breach and identity theft.
iii) Spy tools can be inserted into smartphones to tamper with the sensors and mislead the system, and the resulting leak of personal information disrupts security. Sensitive data can be stolen by non-traceable advanced persistent threats (APTs).
iv) Although biometric technology has been created with a high level of security, it is not perfect and can be broken. Attackers have figured out numerous methods to break biometric authentication systems by exploiting vulnerabilities in the system. The most extreme example of this type of attack has been the generation of fake biometric samples, using either 3D printing or computer software to make artificial faces, fingerprints and/or voices.
An example of this type of attack is the “Master Face Dictionary Attack” (MFDA), in which an attacker creates a large database of faces (a Master Face Dictionary) from publicly available images of people that could be downloaded off the internet (and/or hacked). After creating the Master Face Dictionary, the attacker creates a fake “Master Face” designed to impersonate a legitimate user to facial recognition technology. Additionally, presentation attacks have been performed using photographs, 3D models and/or video in the hope of passing them off as legitimate biometric samples. Presentation attacks can be very difficult to detect since they typically occur on systems without advanced liveness detection.
v) Covert biometric threats and exploitation not only result in unauthorized surveillance; they have also contributed to a burgeoning black market for illegitimately obtained biometric databases. Biometric data, including fingerprints, facial templates and voiceprints, can be compromised just like credit card and other private information, and can also be bought and sold on the dark web.
vi) Machine learning algorithms are enabling cybercriminals to replicate faces, fingerprints and voices in such a way that they are capable of circumventing biometric security protocols without detection. There have been very few controls to contain the black market for stolen biometric databases, and law enforcement agencies have been struggling to keep up with the growth of this underground market for biometric data.
vii) Deepfakes can be used by attackers to mimic an individual’s voice or face, evading security systems that recognize those distinctive biometric characteristics.
viii) Biometric technologies can help improve the ability of law enforcement and government to detect and prevent crime and terrorism, but they are open to abuse. The case for privacy in government surveillance and the use of biometric technology is going to grow as biometric technologies continue to be developed.
In the Final Analysis
In today's world, deepfake technology can be combined with AI to create a mismatched profile and access data, which can be harmful and result in security breaches and exposed identities.
For facial recognition and fingerprint reader systems, this type of hacking can happen by way of what is called a presentation attack, where the hacker spoofs or uses the biometric signature of the user.
A presentation attack can take the form of using a fingerprint that has been captured from the individual using the system or a photo taken without the knowledge of the target that will unlock the system via facial recognition.
Frequently Asked Questions
What is included in biometrics?
Biometrics include fingerprints used for fraud detection, and voice, retina and facial patterns used to recognize that the person accessing the data is the same person.
Is biometrics a user-friendly technology?
Yes, biometrics is centred on protecting user identities and keeping data safe and stored.
What is the BioStar 2 breach mentioned in the historical context?
In 2019, the BioStar 2 system experienced a huge breach due to insufficient security, compromising the biometric data of over one million individuals. This included unencrypted data from bank staff and the UK police, demonstrating that even high-tech systems can be vulnerable if not maintained properly.
What is meant by a Master Face Dictionary Attack?
In an MFDA, an attacker compiles a vast database of faces sourced from the internet or previous dumps. They then use this information to create a “Master Face”: a synthesised image designed to match as many valid user templates as possible in order to gain unauthorized access.

