Biometric Identification Systems

In this article we cover the concepts and methods of biometric authentication, its applications in operating systems, its use cases, how it compares with traditional methods, and its limitations. Along the way we look at how secure it is, why it should be used, and what innovative developments it is likely to bring in the near future.
INTRODUCTION
Biometric authentication is a security process that relies on a person's unique biometric characteristics to verify that they are who they claim to be. Biometric authentication systems compare physical or behavioral characteristics with data that was previously captured, validated and stored in a database. Authentication succeeds if the two biometric patterns match. Typically, biometric authentication is used to manage access to physical and digital assets, such as buildings, rooms and IT equipment.
Biometric identification uses biometric data such as fingerprints or retinal scans to establish who a person is, while biometric authentication uses biometric data to verify that a person is who they claim to be.
Use Cases
Law enforcement
Law enforcement agencies at the state and federal level use different types of biometric data for identification purposes.
For example, the Automated Fingerprint Identification System (AFIS) is a database used to identify fingerprints. It was first used in the early 1970s as a way for police departments to automate their manual fingerprinting process, making it faster and more efficient. Previously, trained human examiners had to compare fingerprint images against those on file; if there was a match, the examiner would recheck both prints to verify it. Today, AFIS can match a fingerprint against a database of millions of prints in minutes.
Travel
Electronic passports (e-passports) are the same size as traditional passports and contain a microchip that stores the same biometric information as a traditional passport, including a digital photo of the holder. The chip stores a digital image of the holder's photo, which is associated with the holder's name and other identifying information. E-passports are issued by a country's issuing authority, which verifies the applicant's identity through fingerprints or other biometric information and confirms that the data on the chip matches the information the applicant provided before issuing the passport.
Healthcare
Hospitals use biometrics to track patients more accurately and avoid confusion, while clinics and doctors' offices apply biometrics to keep patient information secure. With biometric data, hospitals can store and access patient medical records. This information can be used to ensure that the right patients receive the right care, whether it's faster identification in an emergency or preventing medical errors.
Biometrics In Operating Systems
Secure Enclave
The Secure Enclave is not just a simple co-processor in Apple devices; it effectively acts as a separate computer inside the device. The co-processor uses its own isolated channel, which cannot be accessed from the main operating system (or from any application), and has 4 MB of dedicated memory in which it stores the 256-bit elliptic curve private key.
As a safeguard, nothing outside the enclave can access these keys. Instead, the system asks the co-processor to use the keys to decrypt the information it needs; the keys themselves are never shared with the system, never operated on outside the enclave, and never sent to the cloud.
What is the purpose of a secure area?
This memory is isolated so that nothing else has access to it, which makes it very difficult to compromise and therefore very difficult for users or attackers to decrypt the smartphone's data without the biometric. Some applications can also store biometric information in this memory, but they never get direct access to it and can only request that their data be encrypted and decrypted with these keys.
Windows Hello
When Windows 10 was first released, it included Microsoft Passport and Windows Hello, which together provided multi-factor authentication. To simplify deployment and improve compliance, Microsoft has consolidated these technologies into a single solution called Windows Hello.
Windows Hello is a biometric authentication feature that improves authentication and prevents impersonation using facial recognition and fingerprints.
Windows Hello Authenticator is used to authenticate employees and grant them access to the corporate network. Authentication is not passed between devices, is not shared with a server and cannot be easily extracted from a device. If multiple employees share a device, each employee will use their own biometric data on the device.
Where does Windows Hello store data?
The biometric data that supports Windows Hello is stored locally on the device only. It is not sent to an external server or device. This separation helps deter attackers by eliminating any single collection point that could be raided to steal biometric data. Furthermore, even if an attacker obtains the biometric data from the device, it cannot be converted back into the original biometric pattern that the biometric sensor recognizes.
Each sensor in the device has its own biometric database file in which the sample data is stored. Each database has a unique, randomly generated key that is encrypted on the system. The sensor sample data is encrypted in the database with this key using AES in CBC chaining mode; the hash used is SHA256.
Biometric Authentication Methods
The following technologies can be used to digitally identify individuals or grant them permission to access a system:
Chemical biometric devices.
- DNA (deoxyribonucleic acid) matching uses genetic material to identify a person.
Visual biometric devices.
- Retinal scans identify subjects by analyzing the pattern of blood vessels in the back of their eyes.
- Iris recognition uses an image of the iris to identify individuals.
- Fingerprint scanning identifies people based on their fingerprints.
- Hand geometry recognition verifies identity or authorizes transactions using a mathematical representation of the unique characteristics of people's hands. It does this by measuring the distances between various parts of the hand, such as the length and width of the fingers and the shape of the valleys between the knuckles.
- Facial recognition relies on the unique characteristics and patterns of people's faces to confirm their identity. The system identifies 80 nodal points on a human face, which form numerical codes known as faceprints.
- Ear authentication verifies identity based on the unique shape of the user's ear.
- Signature recognition uses pattern recognition to identify people from their handwritten signature.
Vein or vascular scans.
- Finger vein identification identifies people based on the patterns of the veins in their finger.
Behavioral identifiers.
- Gait analysis identifies people by the way they walk.
- Handwriting recognition establishes people's identity based on their unique handwriting characteristics, including how fast they write.
Auditory biometric devices.
- Voice identification identifies people by their voice and is based on characteristics created by the shape of the mouth and throat.
Is biometric identification technology secure?
Biometric processes are more convenient, but are they reliable? The providers that use them must ensure that the data is stored securely and encrypted directly on the device, not on large servers in the cloud as it was (and in some cases still is) done: if those servers are breached, the data and the encryption system itself are lost, and the thief can enter the system thousands of times (Juan Sebastian Gomez).
Biometric systems do improve security, but they also have problems. For example, Israeli researchers managed to access a 23 GB database containing more than 27 million records of personal data (fingerprints, faces, names, user passwords and more) belonging to more than 1 million people.
Dangerous vulnerabilities of this kind are very common and, unfortunately, reports of them often receive a very negative response from companies, which treat the disclosed vulnerability as a threat rather than as help (Rotem and Locar).
So even biometric credentials are not 100% foolproof; still, they are a much safer way to protect our digital activities, and manufacturers are relying more and more on biometric security. Below is a comparison between some biometric methods and passwords:
Fingerprint Vs Password.
A fingerprint is much more convenient: you just place your finger on the device's sensor, which is easier than typing a password. Passwords have more disadvantages because they are insecure and subject to many attacks, besides being a very old-fashioned method; but they are easy to implement, and that is why they are so widespread (Prof. Dr. Christoph Meinel).
Facial Recognition Vs Password
It is a question of cost: the more sensors you use, the more accurately you can capture a fingerprint, face or other biometric feature. The level of security depends on how the system is implemented. With enough sensors it is more secure than a password (Prof. Dr. Christoph Meinel).
Iris recognition Vs Password
Iris scanning, fingerprint and facial recognition are similar methods: you take a constant characteristic of the individual and the system recognizes him/her based on that. I have to memorize the password; I can't write it down, because if someone finds it they could impersonate me. The future lies in multifactor authentication of at least two characteristics, and I believe that the methods that least disturb the user will prevail (Prof. Dr. Christoph Meinel).
Cancelable Biometric Data
Developments continue, however, and this is where cancellable biometrics comes in: biometric data is no longer stored one-to-one (one piece of data, one record).
Cancellable biometrics refers to the intentional and systematically repeatable distortion of biometric characteristics in order to protect sensitive user-specific data. If a cancellable feature is compromised, the distortion parameters are changed and the same biometric is assigned a new template, which is used from then on. Cancellable biometrics is one of the main categories of biometric template protection, alongside biometric cryptosystems (Dr. Andrew Teoh Beng Jin and Mr. Lim Meng Hui).
Cancellable biometrics provides privacy protection because the user's actual biometric data is never exposed during the authentication process. It protects templates at the feature level with irreversible transformations. On the other hand, cancellable biometric data has certain limitations that need to be taken into account; for example, some designs may become unreliable if the auxiliary data leaks.
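As an added illustration (not code from the original article or from the cited authors), the following Python sketch shows a BioHashing-style cancellable template: a user-specific key derives a repeatable random projection, only the signs of the projections are kept, and revoking the key re-issues an unrelated template from the same biometric. The feature vectors and keys are constructed stand-ins, not real biometric data.

```python
import hashlib
import random
from typing import List

FEATURE_DIM = 64  # length of the (constructed) real-valued feature vector
CODE_BITS = 48    # length of the protected binary template


def projection_matrix(key: bytes) -> List[List[float]]:
    """Derive a repeatable random projection from the user-specific key.
    Same key -> same matrix (matching is repeatable); new key -> unrelated
    matrix (the compromised template is cancelled and re-issued)."""
    seed = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(FEATURE_DIM)]
            for _ in range(CODE_BITS)]


def protect(features: List[float], key: bytes) -> List[int]:
    """Irreversible transform: project onto key-derived directions and keep
    only the sign. 48 sign bits do not let anyone recover the 64 features."""
    return [1 if sum(r * f for r, f in zip(row, features)) > 0 else 0
            for row in projection_matrix(key)]


def hamming(a: List[int], b: List[int]) -> int:
    return sum(x != y for x, y in zip(a, b))


def verify(stored: List[int], features: List[float], key: bytes,
           threshold: int = 10) -> bool:
    """Genuine captures flip only a few bits; impostors flip about half."""
    return hamming(stored, protect(features, key)) <= threshold


def capture(person: int, shot: int, noise: float = 0.15) -> List[float]:
    """Constructed stand-in for a feature extractor: one fixed vector per
    person plus per-capture sensor noise (an assumption, not real biometrics)."""
    base = random.Random(person)
    jitter = random.Random(f"{person}:{shot}")
    return [base.gauss(0.0, 1.0) + jitter.gauss(0.0, noise)
            for _ in range(FEATURE_DIM)]


if __name__ == "__main__":
    key_v1, key_v2 = b"alice-key-v1", b"alice-key-v2"  # constructed keys
    enrolled = protect(capture(1, shot=0), key_v1)
    print("genuine accepted:", verify(enrolled, capture(1, shot=1), key_v1))
    print("impostor accepted:", verify(enrolled, capture(2, shot=0), key_v1))
    reissued = protect(capture(1, shot=0), key_v2)  # revoke: same finger, new key
    print("bits differing between old and new template:", hamming(enrolled, reissued))
```

The last line shows the point of cancellability: the re-issued template differs from the leaked one in roughly half its bits even though the underlying biometric is unchanged.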
DNA-ID Statistical and Theoretical Analysis
The most commonly studied and used biometric traits are fingerprints, face, iris, voice, signature, retina, and the geometric patterns of hands and veins (Shen and Tan, 1999; Vijaya Kumar et al., 2004). There is no one-size-fits-all model. In addition, these techniques are based on feature-similarity measures, which leads to inaccuracies that make the current state of the art unsuitable for general-purpose deterministic systems. However, information on DNA polymorphisms such as STRs (Short Tandem Repeats) and SNPs (Single Nucleotide Polymorphisms) provides the most reliable individual identification: this data can be captured at minimal size, digitally, and remains unchanged during life and after death.
Probability of match between the DNA-IDs of any two persons
The probability p that the STR counts at the same locus (a specific site on a chromosome where a gene or other DNA sequence is located, in effect its genetic address) are identical for any two people is obtained by summing the squared genotype frequencies. With m alleles at the locus and allele frequencies p_1, ..., p_m, the homozygous genotypes (j = k) contribute
\[ \sum_{j=1}^{m} \left(p_j \cdot p_j\right)^2 = \sum_{j=1}^{m} p_j^4 \]
and the heterozygous genotypes (j \ne k) contribute
\[ \sum_{1 \le j < k \le m} \left(2 p_j \cdot p_k\right)^2 \]
so that
\[ p = \sum_{j=1}^{m} p_j^4 + \sum_{1 \le j < k \le m} \left(2 p_j \cdot p_k\right)^2 \]
The probability that the STR counts at locus i match for any two individuals is denoted p_i. When n loci are used, the probability p_n that the DNA-IDs of any two individuals match is
\[ p_n = \prod_{i=1}^{n} p_i \]
Here it is assumed that there is no correlation between the STR loci.
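As an added worked example (not part of the original article), this Python code evaluates the formulas above: the per-locus match probability p from the allele frequencies p_1, ..., p_m, the n-locus probability p_n under the no-correlation assumption, and, going one step further than the text, the number of loci needed to push p_n below a target. The allele frequencies used are constructed toy values, not real population data.

```python
import math
from itertools import combinations
from typing import List


def locus_match_probability(freqs: List[float]) -> float:
    """p for one STR locus: sum of p_j^4 over homozygous genotypes (j = k)
    plus sum of (2 p_j p_k)^2 over heterozygous genotypes (j < k)."""
    if any(f < 0 for f in freqs) or abs(sum(freqs) - 1.0) > 1e-9:
        raise ValueError("allele frequencies must be non-negative and sum to 1")
    homozygous = sum(p ** 4 for p in freqs)
    heterozygous = sum((2 * pj * pk) ** 2 for pj, pk in combinations(freqs, 2))
    return homozygous + heterozygous


def dna_id_match_probability(loci: List[List[float]]) -> float:
    """p_n = product of the per-locus p_i, valid only for uncorrelated loci."""
    return math.prod(locus_match_probability(f) for f in loci)


def loci_needed(freqs: List[float], target: float) -> int:
    """Smallest n with p^n <= target when every locus has the same p.
    Guards against a monomorphic locus (p = 1), which could never reach it."""
    if not 0 < target < 1:
        raise ValueError("target must lie strictly between 0 and 1")
    p = locus_match_probability(freqs)
    if p >= 1.0:
        raise ValueError("a locus with a single allele cannot discriminate")
    n, pn = 0, 1.0
    while pn > target:
        n += 1
        pn *= p
    return n


if __name__ == "__main__":
    # Constructed toy loci: a uniform 2-allele locus and a uniform 4-allele locus.
    two = [0.5, 0.5]
    four = [0.25] * 4
    print("p (2 alleles):", locus_match_probability(two))    # 0.375
    print("p (4 alleles):", locus_match_probability(four))   # 0.109375
    print("p_n for both loci:", dna_id_match_probability([two, four]))
    print("2-allele loci needed for p_n <= 1e-3:", loci_needed(two, 1e-3))  # 8
```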
CONCLUSIONS
DNA identification also has limitations, including long analysis times, ethical issues and high costs. However, that analysis suggests that DNA identification should be adopted as a biometric method using innovative techniques developed in the near future.
While biometrics has many advantages in some areas, its use is controversial. For example, the security of these data-driven systems can be circumvented. If criminals intercept biometric data after it has been loaded into a central database, they can fraudulently reuse the copied data for another transaction; for instance, by intercepting a person's fingerprint and using it to access a fingerprint-protected device, criminals can gain access to sensitive data such as private messages or financial information.
ACKNOWLEDGEMENTS
Constantino Sorto, for his support in developing the skills needed to produce documents of this kind, and for his commitment to quality in education.
REFERENCES
- Romero, M. S. (2019, 15 August). Expuestas un millón de huellas dactilares que usaban empresas, bancos y la policía. ComputerHoy. https://computerhoy.com/tutoriales/tecnologia/seguridad-millon-huellas-dactilares-brecha-bancos-policia-474811#:%7E:text=Los%20investigadores%20israel%C3%ADes%20Noam%20Rotem,unos%2023%20gigabytes%20de%20datos.
- DW Español. (2020, 7 January). ¿Es segura la tecnología de identificación por datos biométricos? [Video]. YouTube. https://www.youtube.com/watch?v=wLFPOeB_3a4
- Contributor, T. (2021, 3 November). What is biometric authentication? SearchSecurity. https://www.techtarget.com/searchsecurity/definition/biometric-authentication
- Hashiyada, M. (2011, 26 October). DNA biometrics. IntechOpen. https://www.intechopen.com/chapters/16506
- G. (2022, 9 March). Windows Hello biometría en la empresa (Windows) - Windows security. Microsoft Docs. https://docs.microsoft.com/es-es/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise
- Jin, A. T. B. (2010, 10 January). Cancelable biometrics - Scholarpedia. Scholarpedia. http://www.scholarpedia.org/article/Cancelable_biometrics
- ¿Está tu smartphone protegido realmente con la huella dactilar? Sistemas biométricos. (2017, 11 May). [Video]. YouTube. https://www.youtube.com/watch?v=2YV562CK_aI
AUTHORS
- Gabriel Barrientos
- Andy Avelar
- Kevin Hernández
- Alejandro Ramos



