
D3.10: Biometrics in identity management

Security aspects of a biometric system

Proportionality and Revocability

Revocability

Today, spoofing of biometric sensors and, as a result, identity theft and identity fraud using biometric systems are realistic security threats (see section and Geradts 2006). The consequences can be severe and long lasting for the operators and users of biometric systems, because physical or behavioural features such as the face, the fingertips or the gait cannot be changed easily: unlike a password or a smart card, a compromised finger cannot be reissued.

As a solution to this problem, the use of biometrics in combination with additional, revocable authentication factors such as possession or knowledge was suggested in the late 1990s (e.g. by Cavoukian in 1999), has been taken up by other authors (e.g. Clarke 2002) and is still held up as a relevant measure (e.g. by Cavoukian in 2007). Nevertheless, many of today's systems do not implement biometrics in a revocable way; the European passport is one example. The reason seems to be that no standardised and cost-efficient solution is currently available that can be easily integrated into the various biometric systems. Some newer approaches, such as match-on-card or even system-on-card (see below, section ), may solve the problem of revocability, but they are rarely integrated in today's implementations (see ). Research on improving the revocability of biometrics with specific cryptographic techniques is ongoing.

The revocability of biometrics is important for all biometric models, but it is clearly most crucial in the Type I government-controlled ID model, where the use of the biometric identifier is mandatory for individuals in ID-related documents. It is also important in the Type II a and b Access models and the Type III Mixed model as described in section 3.3.3, where the biometric used in the aforesaid documents and tokens is also used in relations with the government and/or private organisations for access purposes, e.g. to e-government services or commercial banking. If the biometric has been compromised and cannot be revoked, the relations of the individual with the government and the other organisations concerned will be severely damaged, if not made impossible.

Revocability is less of an issue for the Type IV a Convenience model, since an individual could in that case still choose to no longer use the biometric application (e.g. for access to the house) or, if the template is compromised and cannot be replaced, switch to another method of authentication (e.g. another biometric method, a chip card or even a username-password combination). In other words, if the biometric system is compromised, the user can simply remove it from the authentication process.

Revocability is intrinsically realised in Type II c models ('encapsulated biometrics'), where the biometric template data is never accessible to persons other than the owner. A lost or out-of-date device incorporating such data cannot be abused as long as the device does in fact prevent the data from leaving it; the protection is therefore only as strong as the device's resistance to physical extraction. Once a device that carries an 'encapsulated biometric' system is taken out of service, the stored biometric data is lost and thus revoked.
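To make concrete what "revocable" means for a biometric bound to a possession factor, the following is an added example, not code from the FIDIS deliverable or from any of the systems it describes. It implements a simplified BioHashing-style cancelable template: a pseudo-random projection derived from a secret token (the revocable factor, e.g. stored on a smart card) is applied to a biometric feature vector and the result is binarised. The feature vectors, token values, vector length, code length and match threshold are all assumptions constructed for the demonstration; no real biometric data is involved.

```python
"""Added example (not FIDIS code): a toy cancelable-biometric template.

A keyed random projection binds a biometric feature vector to a revocable
secret token.  If the template (or the token) leaks, a new token is issued:
the same finger/face then yields an unrelated template, and the leaked pair
no longer verifies.  All sample data below is constructed, not real.
"""
import hashlib
import random
from typing import Dict, List

FEATURE_DIM = 16   # assumed length of the feature vector
CODE_BITS = 64     # length of the binary template
THRESHOLD = 10     # assumed max Hamming distance accepted as a genuine match

Vector = List[float]


def derive_projection(token: bytes) -> List[Vector]:
    """Expand the revocable token into CODE_BITS pseudo-random projection rows.

    The token, not the biometric, determines the projection, so re-issuing
    the token changes the resulting template completely.
    """
    seed = int.from_bytes(hashlib.sha256(token).digest()[:8], "big")
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(FEATURE_DIM)]
            for _ in range(CODE_BITS)]


def make_template(features: Vector, token: bytes) -> int:
    """Project the feature vector and binarise by sign -> CODE_BITS-bit template."""
    bits = 0
    for i, row in enumerate(derive_projection(token)):
        if sum(r * f for r, f in zip(row, features)) > 0.0:
            bits |= 1 << i
    return bits


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two templates."""
    return bin(a ^ b).count("1")


def verify(stored: int, probe: Vector, token: bytes) -> bool:
    """Genuine if the probe, transformed under the same token, is within THRESHOLD bits."""
    return hamming(stored, make_template(probe, token)) <= THRESHOLD


# --- constructed sample data (hypothetical, not real biometrics) --------------
GENUINE = [0.9, -0.7, 0.4, 0.8, -0.6, 0.5, -0.9, 0.3,
           0.7, -0.8, 0.6, -0.4, 0.9, 0.5, -0.7, 0.8]
_NOISE = [0.02, -0.01, 0.02, -0.02, 0.01, 0.02, -0.01, 0.01,
          -0.02, 0.01, 0.02, 0.01, -0.01, -0.02, 0.02, -0.01]
NOISY = [f + d for f, d in zip(GENUINE, _NOISE)]      # later capture, sensor noise
IMPOSTOR = [-0.3, 0.8, 0.6, -0.9, 0.2, -0.7, 0.5, 0.9,
            -0.6, 0.4, -0.8, 0.7, -0.2, -0.9, 0.3, -0.5]

TOKEN_V1 = b"user42-token-v1"   # hypothetical card/knowledge secret at enrolment
TOKEN_V2 = b"user42-token-v2"   # issued after the v1 template/token pair leaked


def demo() -> Dict[str, object]:
    """Enrol, verify, revoke and re-enrol; return the outcome of each step."""
    enrolled_v1 = make_template(GENUINE, TOKEN_V1)
    results: Dict[str, object] = {
        "genuine_v1": verify(enrolled_v1, NOISY, TOKEN_V1),
        "impostor_v1": verify(enrolled_v1, IMPOSTOR, TOKEN_V1),
    }
    # Revocation: re-enrol under a fresh token; the biometric itself is unchanged.
    enrolled_v2 = make_template(GENUINE, TOKEN_V2)
    results["old_template_vs_new"] = hamming(enrolled_v1, enrolled_v2)
    # Even a perfect spoof of the finger plus the leaked v1 token fails
    # once the verifier holds the v2 template.
    results["leaked_spoof_old_token"] = verify(enrolled_v2, GENUINE, TOKEN_V1)
    results["genuine_v2"] = verify(enrolled_v2, NOISY, TOKEN_V2)
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

The point of the demonstration is the revocation step: the template derived under the old token is about as far from the new one as a random string, so compromise of the stored template or of the card is handled by re-issuing the token rather than by asking the user for a new finger. The caveat a practitioner should keep in mind is that the security of such keyed transforms rests entirely on the secrecy of the token; an attacker holding both a good spoof of the biometric and the current token still passes, and published analyses of BioHashing-type schemes show that their impostor rejection degrades sharply when the token is known. This toy is an illustration of the revocability property, not a vetted scheme.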


Document: 20071228_fidis_deliverable_wp3_10_V1.0.final.sxw