Sep 29

How Different Techniques Are Leveraged To Secure Biometric Data

  • Danny Thakkar
  • Biometric Data Security

In recent times, the security of information has been a critical issue for governments, corporations and individuals alike. It has made most corporations alter their information security strategy, as they are generally a target of hackers and cyber criminals. The year 2016 set a new record for data breaches, with more than 1000 incidents of identity theft recorded by the Identity Theft Resource Center, a 40% increase from 2015. Information security incidents grabbed news headlines throughout the year, resulting in a total of 1,093 reported incidents. The year 2017 has not been any better so far: a ransomware outbreak across the world in May and June this year left many government and private outfits paralyzed. It affected computers and systems of multiple corporations like Spain’s FedEx, Telefónica and Deutsche Bahn. It also affected computers and equipment of the UK’s National Health Service, compelling it to run some healthcare services on an emergency-only basis.

Image: A representational image of electronic information security

Recent history has been challenging for electronic information security, and the trend seems to be moving uphill. The fact that an attacker does not need to be physically present, or even within the political borders of a country, to breach the layers of data security makes it even scarier. A hacker sitting thousands of kilometers away can access information systems, breach layers of security, copy data or simply encrypt it to make you pay a ransom for decryption. Threats to data security mostly originate from cross-border locations, making it complicated for law enforcement agencies to take any action against cyber criminals.

Data security and biometric data

The increasing number of data security threats affects biometric data as well. Since biometrics has gone fully electronic and automated, with biometric features captured, processed and stored electronically on information systems and equipment, it is imperative to safeguard biometric data like any other important electronic data. An individual’s measurable anatomical or behavioral characteristics are called biometric identifiers. The biometric identifiers of a person become a biometric template when they are sampled by a biometric recognition system and processed by pre-defined rules and algorithms within the system. The biometric template of a person does not contain biometric data in its original form, such as a facial or fingerprint image. It is rather a mathematical summary produced by processing the originally captured biometric pattern. Biometric templates are binary files in an unreadable form. These templates contain the unique characteristics of a person’s biometric information, and they are the master copies against which each future data acquisition is compared.

Claims are often made that the biometric template of an individual is of no use to an attacker, since it is just a digital reference of one’s biometric identifiers and cannot be reverse engineered. The security of this data is nevertheless crucial, because hacking attempts are getting more sophisticated with time, and reverse engineering of biometric templates may become possible at some point.

Biometric data security: where data security gets complicated

Traditionally, user names and passwords are used for user identification / authentication and for implementing account security. However, due to the inadequacy of password-based authentication methods, the world is increasingly moving towards biometrics. This is where data security gets complicated in the case of biometric data. When passwords are compromised, service providers inform their users about the incident and advise them to change the password. Such incidents involving users’ biometric data can cause irreversible damage, because passwords can be changed but the biometric identifiers of a person cannot. Since an individual’s biometric identifiers cannot be changed, the security of biometric data should be treated as the highest priority.

Unlike general electronic data, there may be many levels at which the biometric data of a person can be compromised. Biometric data in its processed form is called a biometric template. Since the biometrics of an individual are captured and processed by specific equipment, security efforts for safeguarding biometric templates start right at the biometric equipment and extend to the data storage method. Biometric systems use one-way encoding to protect templates from being reverse engineered, i.e. from reconstruction of the biometric pattern using the biometric template. However, the risk is not limited to reconstructing the biometric pattern on the basis of the template.

There are other vulnerabilities associated with the biometric systems like:
  • Accessing device storage to steal templates.
  • Creating a wearable replica of user biometrics using biometric template.
  • Replacing user template by an imposter’s template.
  • Bypassing the compromised template to the matching module.
  • Tracking a user through his/her identification / authentication activities.
  • Sniffing network communication to and from a biometric recognition system.

A biometric template can be compromised at its storage location (the storage is accessed and the template is stolen due to substandard storage security), so securing storage becomes the first layer of security. How a stolen template is used by fraudsters defines the degree of harm (e.g. the template may be used to reconstruct the biometric pattern or to create a physical replica), so encoding the template in a way that renders it useless to criminals becomes the second layer of security. The template itself should be secure enough that it cannot be misused. Since a biometric template can use different storage methods, which vary from storing templates in the equipment itself to a centralized database, different methods of securing the template storage have to be employed.

Storage based strategies

Four biometric data storage methods are commonly employed, depending on the implementation type and requirements:

Portable token

In this storage method, an individual’s biometric data is stored on a portable token such as a smart card. Biometric data stored on a smart card, and not on a central database server, does not have to be transmitted over the network for verification, which protects it from network-related vulnerabilities and exposure. With biometric data on a smart card, users feel they are in control of their biometric data, which increases user acceptance of the system. Along with these advantages, this storage method also has some disadvantages. The cost of implementation for on-card biometrics is high, as biometric smart card readers are required for user identification or authentication. The user has to present his or her biometric smart card and then the biometric identifiers to the reader to get his or her identity authenticated.

Centralized biometric database

In this storage strategy, a central biometric database server is used to store biometric templates. This approach offers inexpensive implementation of biometric authentication and is beneficial for users who need multi-location authentication. On the other hand, it also puts biometric data at risk. Users’ biometric data is transferred over the network (usually the internet), which opens the door to sniffing. A hacker can recreate an authentication session and perform a transaction. Encryption solves this problem, but storage of and access rights to the encryption keys become another issue. Deciding where encryption keys will be stored and who will have access to them can be a complex matter when encryption is used.

Individual workstations

As the old proverb goes, “never put all your eggs in one basket”. Storing biometric data on individual workstations keeps the data distributed among several workstations, and this distributed approach can limit the loss in case of a data breach. This approach seems better than storing data on the biometric equipment itself, as a workstation tower is more challenging to steal than a biometric recognition system, owing to their size and level of exposure. On the other hand, this approach also raises security concerns, as personal workstations may have weaker security than a central database server. Unlike the centralized database approach, users cannot authenticate their identity from multiple locations.

Biometric recognition systems

Storing biometric data on the recognition system itself offers the advantage of quick response during user authentication, as the reference template is stored locally and can be fetched quickly, unlike the centralized database approach, in which the system has to access the biometric database server over the network (typically via the internet). The recognition system does not depend on external systems or on communication channels (the internet), either of which may be in an unknown state.

Techniques employed to protect biometric templates

Techniques employed to protect biometric templates can be largely divided into two categories:

Feature transformation

Feature transformation is a group of methods that create new features (predictor variables). The methods are useful for dimension reduction when the transformed features have a descriptive power that is more easily ordered than the original features. In this case, less descriptive features can be dropped from consideration when building models.

Image: Authentication mechanism with feature transformation secured biometric template

Feature transformation methods are contrasted with the methods presented in Feature Selection, where dimension reduction is achieved by computing an optimal subset of predictive features measured in the original data. The feature transformation approach uses a transformation function to transform the biometric template. The biometric database stores only the transformed template, and when a match request arrives, the probe is transformed using the same transformation function and the transformed probe is compared with the transformed template. A random key or password is used to derive the parameters of the transformation function.
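The store-transformed, compare-transformed flow described above can be sketched as follows. This is an added example, not code from the original article or from any Bayometric product; it assumes a real-valued feature vector, and uses a key-seeded random projection with sign binarization as a stand-in transformation function. All names, keys and sample vectors are constructed.

```python
import hashlib
import random

OUT_BITS = 256      # length of the stored, transformed template
THRESHOLD = 0.25    # assumed: max fraction of differing bits accepted as a match

def _projection(user_key: bytes, dim: int) -> list[list[float]]:
    """Derive the transformation parameters (a random matrix) from the key."""
    seed = int.from_bytes(hashlib.sha256(user_key).digest(), "big")
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(dim)] for _ in range(OUT_BITS)]

def transform(features: list[float], user_key: bytes) -> list[int]:
    """Project the features and keep only the sign of each component."""
    rows = _projection(user_key, len(features))
    return [1 if sum(r * f for r, f in zip(row, features)) >= 0 else 0
            for row in rows]

def distance(a: list[int], b: list[int]) -> float:
    """Fraction of bit positions in which two transformed templates differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def verify(stored: list[int], probe_features: list[float], user_key: bytes) -> bool:
    """Transform the probe with the same key, then compare in the transformed domain."""
    return distance(stored, transform(probe_features, user_key)) <= THRESHOLD

def demo() -> dict:
    rng = random.Random(29)                                  # constructed sample data
    enrolled = [rng.gauss(0, 1) for _ in range(64)]          # features at enrolment
    genuine = [f + rng.gauss(0, 0.1) for f in enrolled]      # same user, sensor noise
    impostor = [rng.gauss(0, 1) for _ in range(64)]          # unrelated user
    key_v1, key_v2 = b"user-42/key-v1", b"user-42/key-v2"    # hypothetical keys
    stored_v1 = transform(enrolled, key_v1)   # only this goes into the database
    stored_v2 = transform(enrolled, key_v2)   # re-issued after a breach of stored_v1
    return {
        "genuine_accepted": verify(stored_v1, genuine, key_v1),
        "impostor_accepted": verify(stored_v1, impostor, key_v1),
        "wrong_key_accepted": verify(stored_v1, genuine, key_v2),
        "reissued_vs_leaked": distance(stored_v1, stored_v2),
    }

if __name__ == "__main__":
    print(demo())
```

The last value shows why a leaked transformed template can be revoked: the template re-issued under a new key is about as far from the leaked one as an unrelated user's would be.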

Biometric cryptosystem

This approach uses helper data to protect a biometric template. It is also called the Helper Data Method, as it relies on some public information about the template. The helper data reveals no significant information about the original biometric template. The approach is further categorized into key binding and key generating approaches. If the helper data is obtained by binding a key that is independent of the biometric features with the biometric template, it is known as the Key Binding approach. If the helper data is derived only from the template, and the cryptographic key is generated directly from the helper data and the query biometric features, it is called a Key Generating biometric cryptosystem.

Image: Authentication mechanism when the biometric template is secured using a key generation biometric cryptosystem. Authentication in a key-binding biometric cryptosystem is similar except that the helper data is a function of both the template and the key K, i.e., H = F(T; K).
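A key-binding construction with helper data H = F(T; K) can be illustrated with a fuzzy-commitment style scheme: H is the template XORed with an error-corrected encoding of K, and only H plus a hash of K are stored. This is an added example, not code from the original article; it assumes a binary template, uses a toy repetition code in place of a production error-correcting code, and all names and sample data are constructed.

```python
import hashlib
import hmac
import random
import secrets

REP = 5  # repetition code: each key bit is repeated 5 times, 2 flips per group are corrected

def encode(key: bytes) -> list[int]:
    """Error-correcting encoding of K (toy repetition code, MSB first)."""
    bits = [(byte >> s) & 1 for byte in key for s in range(7, -1, -1)]
    return [b for b in bits for _ in range(REP)]

def decode(codeword: list[int]) -> bytes:
    """Majority-vote each group of REP bits, then pack the bits into bytes."""
    bits = [int(sum(codeword[i:i + REP]) > REP // 2)
            for i in range(0, len(codeword), REP)]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def enroll(template: list[int], key: bytes):
    """Return (H, hash(K)); neither T nor K is stored in the clear."""
    codeword = encode(key)
    if len(codeword) != len(template):
        raise ValueError("template must have len(key) * 8 * REP bits")
    helper = [t ^ c for t, c in zip(template, codeword)]   # H = T xor ECC(K)
    return helper, hashlib.sha256(key).digest()

def release_key(probe: list[int], helper: list[int], key_hash: bytes):
    """Recover K from a noisy probe; None if the probe is too far from T."""
    if len(probe) != len(helper):
        return None
    candidate = decode([p ^ h for p, h in zip(probe, helper)])
    ok = hmac.compare_digest(hashlib.sha256(candidate).digest(), key_hash)
    return candidate if ok else None

def demo():
    rng = random.Random(2017)                       # constructed sample data
    key = secrets.token_bytes(16)                   # K, independent of the biometric
    template = [rng.getrandbits(1) for _ in range(16 * 8 * REP)]
    helper, key_hash = enroll(template, key)
    # Genuine probe: same finger, every 7th bit flipped (at most 1 flip per group).
    genuine = [b ^ 1 if i % 7 == 0 else b for i, b in enumerate(template)]
    impostor = [rng.getrandbits(1) for _ in range(len(template))]
    return (key,
            release_key(genuine, helper, key_hash),
            release_key(impostor, helper, key_hash))

if __name__ == "__main__":
    k, from_genuine, from_impostor = demo()
    print(from_genuine == k, from_impostor)
```

The number of bit errors the code corrects sets the tolerance to intra-user variation, and it also bounds how much of the template's entropy is left to protect the key.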

Advantages and disadvantages of biometric cryptosystem

A biometric cryptosystem offers advantages such as tolerance to intra-user variation, and direct key generation is useful in cryptographic applications. However, it also has some disadvantages: generating a key with high stability and entropy is difficult, and the helper data requires careful attention during design, as it is based on specific biometric features. Revocability and diversity are also not ensured.

Conclusion

Safeguarding biometric templates can be challenging in the current data security scenario, where threats to data are rising with every passing day. Hacking attacks are getting more sophisticated, intense and complex. It is true that not much can be done with an encrypted template, but it is more important to safeguard biometric data right at storage, so that templates do not get stolen in the first place. Biometrics has become increasingly popular in recent years; however, public confidence in and acceptance of this technology will depend on the ability of system designers to demonstrate that these systems are robust, have low error rates and are tamper proof.


About The Author

Mary Clark is Product Manager at Bayometric, one of the leading biometric solution providers in the world. She has been in the Biometric Industry for 10+ years and has extensive experience across public and private sector verticals.
