
D3.2: A study on PKI and biometrics



Will biometrics help?

Biometrics can be a means of reliable, fast and secure user authentication, but only if certain conditions are met. It also turns out that some of these conditions are difficult to achieve.

While biometric authentication systems can replace traditional authentication systems and eliminate the need for password or token management, biometric systems themselves require template management, because biometric templates must also be updated from time to time.

Non-biometric authentication systems are often based on the secrecy of some data. If such secret data are revealed, or there is other assurance that the user is in possession of such data, then the user is authenticated. We assume that the secret data is shared only by the genuine user and the authentication system; therefore the evidence of having access to such data is sufficient to authenticate the user. We do not have to worry about whether the keyboard the user used to type the password is trusted by the authentication system or not.

Biometric authentication systems are based on data that cannot be considered secret. Therefore we cannot successfully authenticate a user only by comparing the biometric data with the template. If biometric data is not secret then any other user could also supply such data. To make biometric authentication secure we have to guarantee that the biometric data come from the user being authenticated and were captured at the time of the authentication. 

This implies that the biometric input device must be trusted by the biometric authentication system to provide only genuine measurements. In practice this is not easy to ensure. Typically, the authenticity of the input device should be verified (so that it is not possible to replace the input device with an imitation device that sends fake data), which might require cryptographic keys (and related key management). Next, the device should be tamper resistant; otherwise an attacker could replace or disable some components or inject their own data. Safeguarding the tamper resistance of a device of the size of a typical biometric input device is not an easy task. It is in fact questionable whether that is possible at all at a high level of security (e.g. comparable with tokens).
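The following sketch is an added example, not part of the original deliverable. It contrasts template comparison alone with a verifier that also checks device authenticity and freshness of the capture. The HMAC device key, the single-use nonce, the toy Hamming-distance matcher and all names and values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

DEVICE_KEY = secrets.token_bytes(32)          # assumed: provisioned in the sensor, known to the verifier
TEMPLATE = bytes.fromhex("a5c3f00f9966aa55")  # constructed enrolment template (toy feature vector)
MAX_DISTANCE = 6                              # assumed matcher threshold, in differing bits


def hamming(a: bytes, b: bytes) -> int:
    """Toy matcher: number of differing bits between sample and template."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def naive_verify(sample: bytes) -> bool:
    """Template comparison only: accepts anyone who can supply the (non-secret) data."""
    return len(sample) == len(TEMPLATE) and hamming(sample, TEMPLATE) <= MAX_DISTANCE


def device_capture(sample: bytes, nonce: bytes, key: bytes = DEVICE_KEY):
    """Trusted sensor: binds the fresh measurement to the verifier's nonce."""
    tag = hmac.new(key, nonce + sample, hashlib.sha256).digest()
    return sample, tag


class Verifier:
    def __init__(self):
        self.pending = set()               # challenges issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)    # fixed length, so nonce + sample is unambiguous
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, sample: bytes, tag: bytes) -> bool:
        if nonce not in self.pending:      # unknown or already used nonce: not a fresh capture
            return False
        self.pending.discard(nonce)        # each challenge is single use
        expected = hmac.new(DEVICE_KEY, nonce + sample, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False                   # not produced by the trusted device for this nonce
        return naive_verify(sample)        # only now does the template match carry weight
```

The check covers only device authenticity and freshness; it says nothing about tamper resistance of the sensor or about whether the measured characteristic is genuine, which the text treats as separate requirements.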

Last but not least we have to mention the aliveness test. A biometric authentication system must process only genuine biometric characteristics belonging to the authenticated user. Forged (changed or artificial) biometric data must be rejected. This test must check not only the aliveness of the person but also the relationship between the person and the captured biometric data (otherwise we could successfully check the brain activity of an attacker but capture a fingerprint of a plastic finger). This is sometimes also called the aliveness test, and it is very dependent on the biometric technology. It will be different for different systems, such as fingerprint-based and iris-based systems. Currently there is a lack of reliable and inexpensive aliveness tests. Most current commercially available aliveness tests can easily be cheated.

The requirement of a trusted biometric input device limits the use of remote biometric authentication. If a bank wishes to secure access to its Internet banking biometrically, it has to provide its clients with a biometric input device, the authenticity of the device must be verified, a reliable aliveness test must be included and the device must be tamper resistant. This is currently quite difficult to accomplish. The biometric device is in the possession of the client, who is able to experiment with it as much as he/she wants.

Constant human supervision of the biometric device/system could remove the need for some of the previously mentioned requirements. Issues such as whether a guard will notice a thin plastic layer on the thumb are still open to discussion.

Non-biometric systems based on the secrecy of data can deal relatively easily with the situation when the supposedly secret data are disclosed. New secret data are generated and distributed to the relevant parties. Biometric systems do not have such an option. Biometric data are (or at least should be) unchangeable and invariant over time. Therefore such a recovery of the security of the system after an incident is not possible.



Denis Royer