Security and Privacy Implications of Biometric Authentication, ITC595

Verified

Added on 2021/06/18

AI Summary

This report, authored by a student at Charles Sturt University for the ITC595 course, investigates the security and privacy implications of biometric authentication. It explores the working principles of biometric systems, highlighting their advantages such as unique identification and the elimination of password-related issues, as well as disadvantages including technical shortcomings like false negatives and security breaches. The report categorizes security issues into technical and non-technical aspects, discussing their impact on users and the system. A literature review examines the application of biometrics in e-payment and university ID authentication, and in smartphones, pointing out security flaws and the lack of comprehensive solutions. The report emphasizes the need for systems that mitigate security flaws and offers recommendations for improving biometric systems from both privacy and security perspectives. The report concludes that biometric authentication has the potential to be a convenient authentication method after addressing its security drawbacks.

SECURITY IMPLICATIONS IN BIOMETRIC
A. Author
ITC595 MIT, School of Computing & Mathematics, Charles Sturt University
author@first-third.edu.au
ABSTRACT – Biometric is based on the emerging
technology which is applicable as the new way for the
authentication. The biometric uses the figure prints or the
iris scan of the authorized users for the authentication. This
technique provides a tight authentication technique for the
identification of the users. However, there are some of the
drawbacks of using biometric for authentication. This study
will discuss the working principle of biometric along with
its advantages and disadvantages. This paper will discuss
the way of security issues are the main advantages of using
this technique. However, this security factor may become
the disadvantage of biometric (Toch et al.,2018). There are
also privacy implications those apply to the use of
biometrics, which is also discussed in this paper. The
primary objective of this paper is to find the usefulness of
biometrics in the context of privacy and security field. To
do those, this paper initially discusses the background the
basic knowledge related to biometric. The advantages and
disadvantages of using biometric are also in the focus of the
discussion along with the particular challenges of using
biometric (Carpenter et al.,2016). It has been seen that the
difficulties generally happens in maintaining the security
and privacy. The security issues are closely related to the
privacy factors; as the violation of the security issues, many
cause the disclosure of the private data of the users.
Challenges and the recommendations for handling those
challenges are discussed. The recommendations are made
so that the biometric system can be modified and
improvised both from the privacy and security aspects.
Keywords— Biometric authentication, security, 3W,false
negative, security breaches
INTRODUCTION
Biometric is an emerging technology, which is used for the
authentication and security purpose. However, there are certain
advantages and disadvantages of using biometric as the method
for authentication. To discuss the use of biometrics for the
authentication, the basic knowledge along with the working
principle of this technology is needed to be evaluated.
Biometric can be used in different ways for the authentication
purpose. The method of using the biometric depends on the
requirements of the organisation or the authentication authority
[6]. However, there are certain security breaches and the
technical issues present in the use of biometric authentication
which can raise the difficulties in using this technology. Apart
from that, the security flaws in the system help the
unauthorised entity to access the authorised data and
information. This article has discussed the essential working
condition of the biometric security system, which will be useful
to identify the authorized users. The detailed discussion about
the advantages and disadvantages helps to determine the
security flaws present in the system and the opportunities for
the further modification and improvisation of the system.
Different usage of biometrics discusses the security flaws,
regarding the user authentication. The identification of the
disadvantages is based on the chances of violating security
regulations. Primary recommendations are made by this article
for the improvisation of the biometric system. Disadvantages of
using biometric points to the need for a system that can
eliminate or mitigate the security flaws. This article has
proposed a system based on the derived recommendations
which will possibly reduce the security flaws of biometric.
However, the success of the proposed system is based on the
particular conditions and other non-technical factors such as
awareness among the people and way of using the system by
the user. This paper concludes that biometric can be used as a
convenient option for authentication after the elimination of its
drawbacks.
A. Research Problem
The primary purpose of this article is to research on the
implications of the security regarding the use of biometrics.
The main advantage of the accurate biometric authentication is
that it can grant access to the authorized users. This research
raises particular research questions and the research areas. The
problems which have been highlighted regarding the objective
of this paper are-
• The security issues in the biometric process.
• The difference between the types of security issues.
• The impact of different security issues on the users and
the whole system.
• The security flaws in the biometric system which can be
exploited by the unauthorised authority.
• Possible methods to eliminate the security flaws in the
system.
• Recommendations based on the findings of those
methods.
• Proposing a system that will reduce certain security
breaches in the biometric system along with that it will also
mitigate the effect of violation of security.
B. Research Justification
The study on the security implications of the biometric
security is needed as biometric has become a famous way of
authentication. Biometric uses the physical identification of the
human being as the passkey to validate the authorised access. It
may be a steady way of proving authenticity. However, the
uniqueness of the biometric may be misused, and an
unauthorised entity can trick with this uniqueness. Specific
incidents have happened where biometric authentication has
failed to achieve its purpose. To understand the flaws of the
biometric, the understanding of the working system of this
technology needs to be discussed so that identification possible
ways for the violation of the security can be identified. The
advantages of using biometrics indicate the popularity of using
biometric as the way for authentication.
Working Principal of Biometric: Biometric uses the physical
presence of the human to give the authentication for the access.
Different parts such as the iris of the eye or the figure prints are
used as the passkey. Sometimes, face scanning is also used in
the biometric authentication. The scanned details of the iris or
the face or the figure print of the authorised person is recorded

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

electronically in the biometric system. During the access of
particular thing, the approved person has to use his or her
figure prints or the scanning of iris or face. The system
provides access if the given pattern of authentication by the
user is matched with the recorded authentication pattern in the
order. Otherwise, the access gets denied by the system.
The advantages of biometric are-
• Unique identification: The figure prints or the iris is
different and unique for the individuals. In this case, the
passkey for the individuals will be unique.
• Eliminate the disadvantage of forgetting the password: In
the traditional way of the security system, passwords are
provided to the users. In case, if the user forgets the password,
that authorised user cannot gain the access. In the biometric
authentication system, the passkeys are the fingerprints or the
scanning of the face or iris, which eliminate the disadvantage
of using passwords.
• Eliminate the chances of forge: The authentication
process cannot be easily forged in the biometric system, which
ensures the adequate security of the system.
• Profitable: The implementation of the biometric system is
beneficial as it delivers the excellent return on investment [24].
The installation of the biometric is easy and does not require
many resources. Apart from that, it reduces paperwork and the
cost of resetting the password.
• Scalable: The business growth requires the scalable
solutions. Using biometric is scalable security solutions for the
growing business.
These advantages play an essential role in increasing
popularity of the use of biometrics. However, there are some
disadvantages of biometric which can be regarded as the
security flaws of biometric, as these flaws act as a constraint
for the biometric authentication for reaching its objectives. The
security issues of the biometric system can be categorised into
two types-
• Technical shortcomings
• Non-technical shortcomings
Technical faults:
Security: The significant advantage of biometric is security.
However, the safety is also the principal disadvantage of this
system. The security can be breached with the help of advanced
technology in the biometrics. Duplication of the figure prints
and iris scan can be used to violate the protection of the
authentication system. In this case, the unauthorized person can
somehow collect the figure prints of the authorized person to
get access.
Technical issues: Sometimes biometric system develops
problems technical like generating false negative results. In this
case, the authorised person gives the right passkey for the
access to the system, but the system denies the access [20].
Similarly, the system sometimes gives the false positive results,
giving them access to the unauthorised person. However, the
occurrence of false negative is higher than false positive.
Issues of resetting the passwords: In case, if there is the need
for resetting the password, the problem can arise [21]. In the
biometric authentication system resetting of the password is not
possible as it uses the unique identification of individual
human. In this case, if authorized tea person chooses to reset
the passkeys for the security purpose, the decision cannot be
carried out.
To eliminate these above mentioned disadvantages, the
security implications of the biometric authentication system in
needed to be done.
LITEERATURE REVIEW
The comparison of fingerprint-based biometric
authentication with the traditional authentication process can be
evaluated in the generation of e-payment method[1]. To
propose a model for e-payment based on the biometric
authentication, the comparison with the conventional system of
e-payment has been discussed The invention of the use of
biometrics in the e-payment process will bring the revolution in
the e-commerce sector. However, there are some risks
associated with this system. The paper has covers the possible
dangers those may involve in the proposed method [25]. The
research model is based on the individual’s perspective of
making e-payment. The result of this paper shows the use of
biometrics has significant impacts on individual’s safety and
security. However, this paper has proposed a system for the
biometric authentication in e-payment but does not concern
with the model which will mitigate the security flaws of the
system. The main contribution of this paper in this article is the
process of making the authorization in the e-payment process
using biometric.
To understand the impacts of using biometrics for the
identification purpose, the security implications of using
biometrics in a university has been evaluated. The biometric-
based ID authentication has gained popularity. The introduction
of biometric-based smart cards in the university will enhance
the security in the university. There are certain advantages of
using the biometric-based system rather than using the
conventional authentication system[2]. However, there are
specific implications and constraints of using the biometric-
based system. The primary problem according to the paper is
the absence of rules and regulations of using biometrics [22].
This paper emphasis on the legal issues regarding the use of
biometric along with that it also discusses the proposed way of
implementation of biometric-based smart card authentication
system in the university. Specific problems in the biometric
system can be found from this discussion [23]. However, this
paper does not make any recommendations for overcoming all
the technical and non-technical challenges regarding the use of
biometrics.
The biometric authentication has become high end solutions
for the authentication nowadays[3]. The article shows the use
of biometrics in the smartphones and other gadgets. Different
high end mobile manufacturing companies are implementing
the biometric authentication in the devices. However, the paper
also discusses the security breaches the users face those, but it
does not provide any solution to this problem [13]. This paper
presents the different mechanisms of the implementation of
biometrics process and exploring the proven flaws in the
various devices. There is no mention of the methods for
preventing the security issues in the biometric authentication
system, and the whole discussion has been done from the
perspective of the development of smartphones.
The use of behavioural biometrics is done by the implicit
authentication process in the smartphones [4]. The method of
implicit biometric authentication has been proven more
convenient than the traditional explicit biometric authentication
process. However, there is a lack of established authenticity in
the use of graphic biometric authorization [14]. There are also
problems regarding the generation of false negative issues in
the biometric authentication which has the negative impact on
the users. The paper has discussed the usefulness and
advantages of using the behavioural biometrics in the
smartphones along with that it also enlightens the annoying
problem of the false negative results generated by the
behavioural biometrics. The pair is focused mainly on the
implementation and improvisation of use of biometrics in the
smartphone. However, it does not mention the use of
biometrics in general and the other security issues regarding the
use of biometrics. This paper has given some inputs about the

role of biometrics in the smartphone authentication, which can
be considered while proposing the system in this paper.
The paper has described the possible security challenges
raises by the biometric authentication in the field of
technological security [5]. The primary focus of the article is
on the face biometric authentication which takes the scanning
of the face as the authentication key for the access. Several
examples of successful use of biometric databases have been
discussed in this paper. There are certain advantages of the use
of biometrics as the substitute of the conventional system.
However, there are security holes in the system which can be
exploited by the criminals. This paper discusses the
opportunities and the advantages of using biometrics [12].
Apart from that the document is also concerned about the
security flaws of using biometric authentication process.
However, this article has not discussed the ways to prevent
these security breaches and did not make any recommendation
for the implementation of the system that can mitigate those
security flaws.
Literature gap: All the papers have been discussed about
the possible security implications and the use of biometric
authentication[15]. However, there is no discussion about the
use of biometrics in general context and its security
implications. The method of biometric authentication has
discussed the possible security threats regarding the use of
biometrics on a particular area of application [19]. This article
presents the use of biometric authentication and the possible
challenges associated with this technology. Along with that this
study also recommends some of the ways to mitigate the risks
associated with this authentication process and propose an
improvised system of biometric authentication.
C. Figures and Tables
Figure 1:Comparison of different biometric system
(Source: Benarous, Kadri& Bouridane,2017)
PROPOSED DESIGN
In the article, the proposed biometric system will help to
mitigate the chance of security threats from the unauthorized
users. The findings from the literature review have been taken
into concern while implementing this system. The proposed
biometric system can be implemented in for keeping the tracks
of employees in the organization along with that it can also be
used as the security locks for any assets.
The proposed system is aimed to eliminate the primary
security flaws of the biometric authentication system, whih will
help to improve the maintain of the authentication process.
• Security issue regarding the identification of the
authorized users.
• Elimination of the false negative problem in the system
In order to eliminate the threat the possible points of attacks
in the system are identified.
Figure 2: Possible points of attacks in the biometric system
(Source: Benarous, Kadri& Bouridane,2017)
The figure shows that each components present in the
system along with the connecting channels are prone to the
attack [18]. Comparing the threats and the targets of attacks it
has been found out that some threats do not have specific target
to attack in the system. The proposed generic biometric system
architecture includes the following components:
 Cryptography: This component will ensure data
security and data integration. It will also help to
ensure the security of data stored in the connecting
channels.
 Audit: This section will keep the track of data for
future analysis. This section will record the entries
made by the users using the biometric system.
 Power: This section will help the biometric system
portable[9]. In case the biometric system is away from
the source of the power, the power section will
provide the requires power for the working of the
system.
 Environment and the users: This section will help to
eliminate the false negative cases caused the
system[7]. This section is well developed with the
machine learning technology that will evaluate the
data entered by the authorized user in a intelligent
manner, so the authorized user of the system can gain
the access of the data.
3W trees:
The 3W trees helps to deal with the security threats from the
unauthorized entity accessing the biometric system by
identifying the loopholes in the system [16].3W raises the
questions what, how, and who regarding possible attackers in
the system. Answering these questions helps to identify the
types of security attackers in the system [10]. The proper
identification and knowing the pattern of the attacks helps to
find the way of prevention of these attacks.

Figure 3: Possible types of attackers in the system
(Source: Benarous, Kadri& Bouridane,2017)
Who: The attackers are classified into three classes. Class 1
attackers have moderate knowledge about the system but have
sophisticated tools for breaching the order. Class 2 attackers are
also known as insiders [17]. They are highly knowledgeable
about the system and mostly works inside the organization,
where the system belongs. Class 3 attackers are the group of
the funded organization who are aimed to make a sophisticated
attack o the system[8]. It can be assumed that no operation can
be entirely safe from the class 3 attackers, so, the primary
purpose of the proposed system is to build a security a system
that will prevent the attacks from class 1 and class 2 attackers.
How: The attacks can be made in three possible ways-
• Passive approach: The attackers can manipulate the device
remotely.
• Active approach: The attackers can interface with the
network and the device and can manage the data in the secured
domain.
• Possession: The attacker can take control of the whole
device manually or remotely.
What: This section identifies the threats and the proposed
security techniques to eliminate those threats [11]. The security
measures which are implemented in the system when the
system detects the possible security threats are evaluated under
the attributes, and the system takes ten specific steps.
Figure 4: The processing of the threat by the system
(Source: Benarous, Kadri& Bouridane,2017)
CONCLUSION
It can be concluded from the above discussion that use of
biometrics has certain advantages and disadvantages. The
disadvantages are individually the chance of security breaches
presents in the system. The biometric uses the physical features
of the human such as iris scanning and the figure print
authentication for giving the access to the system. This security
system has developed a significant change in maintaining the
secure authentication process. It has the excellent return on
investment, and the confusion over the password can be
eliminated through this system. However, the security flaws
those are present in the system can be exploited by the hackers
ad the technical faults such as face rejection can happen in the
order. To eliminate these flaws, the identification of the reasons
for the problem has been made by this paper. The proposed
system is based on the recommendations for the modifications
of the system. The proposed method can eliminate the two
essential kinds of the security flaw in the order. One is the
prevention of the external attacks which can be caused by the
intruders. The other security flaw is the issues regarding the
false negative. However, there are other problems related to the
use of biometric which are more functional problems by nature.
The paper gives the overall general description of the use of
biometric along with the security implications along with the
proposed model for developing the modified system of
biometric authentication.
REFERENCES
[1] Ogbanufe, Obi, and Dan J. Kim. "Comparing fingerprint-
based biometrics authentication versus traditional
authentication methods for e-payment." Decision Support
Systems (2017).
[2] Eberz, Simon, Kasper B. Rasmussen, Vincent Lenders, and
Ivan Martinovic. "Evaluating behavioral biometrics for
continuous authentication: Challenges and metrics."
In Proceedings of the 2017 ACM on Asia Conference on
Computer and Communications Security, pp. 386-399.
ACM, 2017.
[3] Harinda, Eugen, and Etienne Ntagwirumugara. "Security &
privacy implications in the placement of biometric-based ID
card for Rwanda Universities." Journal of Information
Security6, no. 02 (2015): 93.
[4] King, Alex. "Biometric Security in the Mobile Age." (2016).
[5] Roy, Aditi, Nasir Memon, and Arun Ross. "MasterPrint:
exploring the vulnerability of partial fingerprint-based
authentication systems." IEEE Transactions on Information
Forensics and Security 12, no. 9 (2017): 2013-2025.
[6] Carpenter, D., Maasberg, M., Hicks, C., & Chen, X. (2016).
A multicultural study of biometric privacy concerns in a fire
ground accountability crisis response system. International
Journal of Information Management, 36(5), 735-747.
[7] Toch, E., Bettini, C., Shmueli, E., Radaelli, L., Lanzi, A.,
Riboni, D., & Lepri, B. (2018). The Privacy Implications of
Cyber Security Systems: A Technological Survey. ACM
Computing Surveys (CSUR), 51(2), 36.
[8] Clarke, Nathan, Jane Symes, Hataichanok Saevanee, and
Steve Furnell. "Awareness of mobile device security: a
survey of user's attitudes." International Journal of Mobile
Computing and Multimedia Communications (IJMCMC) 7,
no. 1 (2016): 15-31.
[9] Khan, Hassan, Urs Hengartner, and Daniel Vogel. "Usability
and Security Perceptions of Implicit Authentication:
Convenient, Secure, Sometimes Annoying." In SOUPS, pp.
225-239. 2015.
[10] Elliott, Steven J., Kevin J. O'connor, Colin R. Patterson,
Andrew D. Marshall, and Matthew W. Sprau. "Customized
biometric data capture for improved security." U.S. Patent
Application 15/031,003, filed September 15, 2016.
[11] Wolf, Flynn, Ravi Kuber, and Adam J. Aviv. "Preliminary
Findings from an Exploratory Qualitative Study of Security-

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Conscious Users of Mobile Authentication." In WSIW@
SOUPS. 2016.
[12] Ruoti, Scott, Brent Roberts, and Kent Seamons.
"Authentication melee: A usability analysis of seven web
authentication systems." In Proceedings of the 24th
International Conference on World Wide Web, pp. 916-926.
International World Wide Web Conferences Steering
Committee, 2015.
[13] Kraus, Lydia, Robert Schmidt, Marcel Walch, Florian
Schaub, Christopher Krügelstein, and Sebastian Möller.
"Implications of the Use of Emojis in Mobile
Authentication." In WAY@ SOUPS. 2016.
[14] Steinbart, Paul John, Mark J. Keith, and Jeffry Babb.
"Examining the continuance of secure behavior: a
longitudinal field study of mobile device
authentication." Information Systems Research 27, no. 2
(2016): 219-239.
[15] Bonneau, Joseph, Cormac Herley, Paul C. Van Oorschot,
and Frank Stajano. "Passwords and the evolution of
imperfect authentication." Communications of the ACM 58,
no. 7 (2015): 78-87.
[16] Soni, Prachi, and Monali Sahoo. "Multi-factor
authentication security framework in cloud
computing." International Journal of Advanced Research in
Computer Science and Software Engineering 5 (2015).
[17] Lin, Hao, Fengtong Wen, and Chunxia Du. "An improved
anonymous multi-server authenticated key agreement
scheme using smart cards and biometrics." Wireless
Personal Communications 84, no. 4 (2015): 2351-2362.
[18] Holz, Christian, and Frank R. Bentley. "On-demand
biometrics: fast cross-device authentication." In Proceedings
of the 2016 CHI Conference on Human Factors in
Computing Systems, pp. 3761-3766. ACM, 2016.
[19] Ren, Chun-xiao, Yu-bin Gong, Fei Hao, Xin-yan Cai, and
Yu-xiao Wu. "When biometrics meet iot: A survey."
In Proceedings of the 6th International Asia Conference on
Industrial Engineering and Management Innovation, pp.
635-643. Atlantis Press, Paris, 2016.
[20] Suruthikeerthana, V., and S. Uma. "AN EXTENDED
VISUAL CRYPTOGRAPHY WITH DYNAMICALLY
AUTHENTICATED ERROR AVOIDANCE SCHEME
FOR BANK APPLICATIONS." (2016).
[21] Nadalin, Anthony, Michael Jones, and Phil Hunt.
"Authentication Method Reference Values." (2017).
[22] Jones, Mike, P. Hunt, and A. Nadalin. Authentication
Method Reference Values. No. RFC 8176. 2017.
[23] Chattopadhyay, Ankur, Michael J. Schulz, Clinton Rettler,
Katie Turkiewicz, Laleah Fernandez, and Askar Ziganshin.
"Towards a Biometric Authentication-Based Hybrid Trust-
Computing Approach for Verification of Provider Profiles in
Online Healthcare Information." In Security and Privacy
Workshops (SPW), 2017 IEEE, pp. 56-65. IEEE, 2017.
[24] Jeddy, Nadeem, T. Radhika, and S. Nithya. "Tongue prints
in biometric authentication: A pilot study." Journal of oral
and maxillofacial pathology: JOMFP 21, no. 1 (2017): 176.
[25] Benarous, Leila, Benamar Kadri, and Ahmed Bouridane. "A
Survey on Cyber Security Evolution and Threats: Biometric
Authentication Solutions." In Biometric Security and
Privacy, pp. 371-411. Springer, Cham, 2017.