Security and Privacy Concerns in Biometrics Authentication Systems


Added on  2021/05/31

AI Summary
This report delves into the multifaceted security and privacy implications of biometrics technology. It begins by introducing biometrics as an emerging authentication method, highlighting its advantages over traditional systems like passwords and ID cards. However, the report emphasizes the critical privacy concerns associated with the collection and storage of sensitive biological data. It categorizes privacy issues into functional and application scope and discusses potential misuse, such as discrimination and unauthorized tracking. The report also justifies the need for research in this area, given the increasing reliance on biometrics in various sectors, and the importance of safeguarding sensitive data. A comprehensive literature review examines existing research on the ethical challenges, privacy threats, and different types of biometrics, including physiological and behavioral methods. The report then focuses on the technical aspects of biometrics, including biometric characteristics and the requirements for a robust system. It concludes by exploring solutions for protecting biometric templates, such as biometric cryptosystems and BioHashing, which offer methods for secure storage and privacy protection.
Biometrics for Authentication: Security and Privacy
Implications
A. Author
Education qualification
author@first-third.edu.au
ABSTRACT – This paper discusses the privacy and security
concerns of biometrics technology. Biometrics is a novel
technology that relies on the biological prints of humans,
and this raises privacy and security concerns. Customers
have to share their private biological prints, which can be
linked to them in the future and breach their privacy. There
are two solutions to protect the privacy and security of the
system: the biometric cryptosystem and BioHashing.
Keywords— Biometric, Biometric cryptosystem and
BioHashing
INTRODUCTION
Biometrics is an emerging technology, which is becoming
widespread in business organizations. It is the technology of
automatic personal recognition based on the physiological and
behavioral characteristics of a person. In contrast to previous
technologies, biometrics is based on the facial and
physiological features rather than passwords or ID cards. There
are several benefits of biometrics, in comparison to previous
technologies. With the implementation of biometrics system,
the companies have created an infrastructure to store the
personal information including crucial information for
associating the identity with the personal behavior of a person.
However, different organizations are concerned whether this
information might be abused and used to breach the individual
right to anonymity.
There are several biological characteristics, which can be
used as a measurement for biometrics. However, in order to
develop a practical biometrics system, it is important to include
those factors which can meet the requirements of performance,
acceptability and circumvention. It must be harmless to the
users and have a robust system to combat fraudulent methods.
The information stored in biometrics system cannot be lost or
stolen. Further, it is difficult for the attackers to forge or
repudiate the information, which provides inbuilt security to
the system (Jain, Ross, & Prabhakar, 2004). However, the scholars
are worried about different types of security or privacy concern
in the biometrics system. The privacy refers to the social
phenomenon, in which a person can lead his life without
intrusions. An individual can control the access to his private or
personal information. However, there are a large number of
privacy concerns surrounding the implementation of biometrics
system. Beyond that, there are other issues; for example,
automatic methods of individual recognition can be culturally
undignified to humans.
A. Research Problem
The privacy issues in the biometric systems can be
categorized under unintended functional scope, unintended
application scope and covert recognition. Regarding functional
scope, the identification parameters in biometric identifiers
are biological in nature, so collectors might derive personal
information from the scanned measurements. There is a
possibility that certain malformations in fingers are
associated with different genetic disorders. This information
can be misused for discrimination against different parts of
society. The information collected by biometric sensors can
also be misused for other malicious purposes. Biometric
sensors can be used to link bits and pieces of information to
track the identity of a person legally living under an alias.
Biometric information is also vulnerable to skimming, which
is the surreptitious reading of its contents. In this regard,
the research problem of the present research can be stated as:
• What are the security and privacy concerns of
biometrics security systems?
B. Research Justification
At present, most business organizations are
replacing older security systems with novel technologies to
increase the robustness of the system. However, with the extent
of digitization, the protection of confidential information has
become quite challenging. Previously, passwords and security
keys were considered enough in providing security to the data;
however, now the hackers are using sophisticated techniques,
which can easily crack these security systems. As a result, the
companies are increasingly using biometric security. The
benefits of biometric technology are that it is highly accurate
and guarantees protection of accurate information. However,
there are certain issues regarding the privacy and the security of
the data in the biometrics infrastructure. There is also
significant controversy regarding the privacy requirements of
the data across borders. There is a security issue in storing
biometric data in the cloud; therefore, organizations should
be careful regarding the transfer of biometric data across
borders (Fan & Lin, 2009). It is important that the
organizations establish technical and organizational measures
to protect biometric data from unlawful processing.
The primary challenge in the biometric data storage is that it
stores personal data; therefore, it requires additional safety
requirements. It is important to develop biometric
authentication and verification to control access to the
restricted system and information. It is important to research in
the area as the biometric data is highly sensitive and intrinsic to
a specific individual (Yanikoglu & Kholmatov, 2004, August). The
company makes additional efforts in establishing a compliance
system and infrastructure. The training staff should also learn
to protect the system infrastructure from unauthorized access or
disclosure.
LITERATURE REVIEW
In the view of Bhargav-Spantzel, Squicciarini, Modi, Young,
Bertino & Elliott (2007), although there are several benefits of
biometrics system, it creates several ethical challenges for the
society. There are several challenges in using the personal
characteristics as the means of verification. These methods can
breach the individual’s right to privacy. The biometrics data in
its raw or template form is the personal data. There are certain
privacy threats of the biometric system. The biometric
information can be used to expose sensitive information which
can include information about the health, racial characteristics
or ethnic origin of an individual. This information will form a
basis for discrimination against an employee. It can be
critiqued that the information stored in the biometrics
comprises secret identifiers such as fingerprints, faces and
voices, which cannot be secretly recorded (Carpenter, McLeod,
Hicks & Maasberg, 2018). However, the storage of this data
without the knowledge of the owner increases the sensitivity of
the information.
Biometric systems are systems that depend on obtaining
human input which cannot be reproduced or replicated by
another human being. Previously, passwords were used for
security purposes. However, passwords can easily be guessed
or replicated by someone with malicious intent. There are also
issues with the memorability of passwords, which have
contributed to the move towards biometric applications. These
challenges with previous security systems have resulted in the
move towards biometric systems (Normalini & Ramayah, 2017).
Currently, biometrics is commonly used in various security
applications such as authentication and cryptographic key
generation.
In the view of Ratha, Connell, & Bolle (2001), biometric
security systems can be divided into two main categories,
namely physiological biometrics and behavioral biometrics.
Physiological biometrics encompass different biological traits
such as fingerprint, iris and face scans. Behavioral biometrics
measure certain actions of the user, such as voice pitch or
handwriting. The detection of physiological characteristics has
enjoyed more attention and has been integrated more widely
into commercial products. However, certain characteristics of
behavioral biometrics make them attractive for the security of
the organization. A malicious attacker can easily extract
physiological biometrics, such as fingerprints, whereas the
extraction of behavioral biometrics is not easy, as it requires
the user to perform a certain action. The physiological
characteristics of a person do not change; however, behavioral
characteristics change with time. This increases the
robustness of the security system (Ballard & Lopresti, 2007).
The human beings have certain characteristics like
face, voice and gait, which are used to distinguish one
individual from another. In the past, biometrics characteristics
have vast application in the detection of criminals and law
enforcements. There are several biological measurements,
which can qualify as biometric characteristics (Jain, Ross &
Prabhakar, 2004). The biometric refers to the characteristics,
which can be used to distinguish one person from another.
However, any biological characteristics should satisfy some
requirements, to qualify as biometric, which are universality,
distinctiveness, permanence and collectability.
Universality means that each person should have the
biological characteristic. Distinctiveness means that the
biological characteristics of two different people are
different enough to be distinguished. The permanence means
that the characteristic should be different for a prolonged
period of time (Tuyls,
Akkermans, Kevenaar, Schrijen, Bazen, & Veldhuis, 2005, July). The
collectability means that the biological characteristic can be
measured quantitatively.
According to Jain, Nandakumar & Ross (2016), it can be stated
that a biometric system can be developed by keeping in
consideration several other requirements. There are certain
criteria such as performance, acceptability and circumvention.
The performance refers to the accuracy and speed of the system
with the particular biological characteristic. If the system is not
able to achieve particular standard in the performance, then it is
doomed to fail. The acceptability of the system refers to the
extent to which the particular system is accepted by the society.
The circumvention reflects the robustness of the system.
The biometric system is a pattern recognition system, which
acquires data from an individual, extracts features that
distinguish that individual from other people, and compares
these features with the templates stored in the system. A
biometric system operates in two modes, namely,
verification mode and identification
mode. In the verification mode, the system validates the
identity of a person with the previously captured biometric data
in the database (Bringer & Chabanne, 2008, June). The identity
verification is used for positively recognizing an individual and
preventing other people from using the same identity. The
identification mode is the second mode of biometrics machine.
In this mode, the system recognizes a person by matching his
biometrics feature with the previously stored templates in the
database. The system compares the data with the previously
stored data, without the user claiming, whose identity it is.
There are several biometrics characteristics, which can be
used in different applications. Each biometric feature has its
strength or weakness; therefore, the choice of biometric feature
depends on the application of feature. DNA is an effective
technique to identify the identity of an individual. However,
identical twins have the same DNA patterns (Xiang, Tang, Cai &
Xu, 2016).
However, there are certain issues with the use of DNA in
biometric identification. Firstly, DNA can be easily stolen
from an unsuspecting subject and used with negative intent.
Secondly, there are real-time recognition issues, since
identification requires cumbersome chemical methods and an
expert's skills. There are also privacy issues, as private
information about the disease susceptibility of a person can be
gained through differences in DNA pattern. The ear can also be
used to give a unique identity to an individual. The shape of the
ear and the structure of cartilaginous tissue of the ear are
distinctive for each individual. Another biometric for
distinguishing an individual is face (Linnartz & Tuyls, 2003,
June). It is a non-intrusive method of biometric detection.
Currently, the facial images are most commonly used by the
humans to differentiate different people. The facial recognition
ranges from static and controlled verification to dynamic and
uncontrolled face identification. Fingerprints are commonly
used as a verification medium for the personal
identification of different individuals (Prabhakar, Pankanti, &
Jain, 2003). The fingerprints of identical twins are different.
Further, the prints of each finger are also different.
Biometric security and privacy are a major concern for
customers and business organizations. There are several
solutions which can be used to handle and protect the
biometric template. These solutions can guarantee privacy and
easy revocation in case of unauthorized access (Jiang, Ma & Wei, 2016).
Two approaches can be used for biometric protection:
solutions concerned with the storage of biometric
templates (biometric cryptosystem) and approaches dealing with
the privacy of the biometric techniques (BioHashing). There
are different methods of storing biometric information, such
as on a local token or in a central database. These methods have
different levels of risk regarding administration, access and
misuse of the database. It is a significant issue in large
biometric database such as biometric passport or national
electronic identity card. The use of biometrics in the security
system breaches the privacy law as it links the information to
the tracing of individuals which violates the liberty of an
individual (Belguechi, Alimi, Cherrier, Lacharme & Rosenberger,
2011).
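The paragraph above names BioHashing and revocable templates without showing the mechanism. The following is an added example, not code from the paper: BioHashing as commonly described in the literature (a token-seeded orthonormal random projection followed by thresholding to bits), run in verification mode on a constructed 128-value feature vector. All names, the 64-bit length and the 12-bit threshold are assumptions for illustration.

```python
import hashlib
import random

N_BITS = 64    # template length in bits (assumed)
MAX_DIST = 12  # accept threshold in bits (assumed; tuned on real data in practice)

def token_basis(token: bytes, n_bits: int, dim: int):
    """Derive n_bits orthonormal vectors in R^dim from the user's secret token."""
    if n_bits > dim:
        raise ValueError("n_bits must not exceed the feature dimension")
    rng = random.Random(int.from_bytes(hashlib.sha256(token).digest(), "big"))
    basis = []
    while len(basis) < n_bits:
        v = [rng.gauss(0.0, 1.0) for _ in range(dim)]
        for b in basis:  # Gram-Schmidt: remove components along earlier vectors
            dot = sum(x * y for x, y in zip(v, b))
            v = [x - dot * y for x, y in zip(v, b)]
        norm = sum(x * x for x in v) ** 0.5
        if norm > 1e-9:
            basis.append([x / norm for x in v])
    return basis

def biohash(features, token: bytes, n_bits: int = N_BITS):
    """Project the features onto the token-derived basis and keep only the signs."""
    basis = token_basis(token, n_bits, len(features))
    return [1 if sum(f * b for f, b in zip(features, vec)) > 0 else 0
            for vec in basis]

def hamming(a, b):
    """Number of bit positions in which two templates differ."""
    return sum(x != y for x, y in zip(a, b))

def verify(template, features, token: bytes, max_dist: int = MAX_DIST):
    """Verification mode: 1:1 match of a fresh sample against one stored template."""
    return hamming(template, biohash(features, token, len(template))) <= max_dist

# Constructed sample data (not real biometric measurements).
_rng = random.Random(1)
ENROLLED = [_rng.gauss(0.0, 1.0) for _ in range(128)]     # enrolment sample
PROBE = [x + _rng.gauss(0.0, 0.05) for x in ENROLLED]     # same user, sensor noise
IMPOSTOR = [_rng.gauss(0.0, 1.0) for _ in range(128)]     # unrelated person
TOKEN_V1, TOKEN_V2 = b"user-42-token-v1", b"user-42-token-v2"  # hypothetical tokens

if __name__ == "__main__":
    stored = biohash(ENROLLED, TOKEN_V1)        # only these bits are stored
    print("genuine probe accepted:", verify(stored, PROBE, TOKEN_V1))
    print("impostor accepted:     ", verify(stored, IMPOSTOR, TOKEN_V1))
    reissued = biohash(ENROLLED, TOKEN_V2)      # revoke: same finger, new token
    print("bits changed after reissue:", hamming(stored, reissued), "of", N_BITS)
    print("old template valid with new token:", verify(stored, ENROLLED, TOKEN_V2))
```

Only the sign bits are stored, and reissuing the token yields a template unrelated to the old one, which is the revocation property the paragraph refers to.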
PROPOSED DESIGN
In the present research, the survey method will be
used. The survey is a valuable research method, which can be
used to assess opinion or trends at a geographical location. The
surveys are the simplest and the most common method to
gather data to address the research questions. In the survey, the
biggest challenge is developing reliable and valid measures for
the sample data (Marczyk, DeMatteo & Festinger, 2010). The
design of survey is significant in determining the quality of the
research. The survey research is an interdisciplinary process
(Creswell & Creswell, 2017). The survey includes sampling and
estimation process, which requires knowledge of probability
and statistics. The data collection requires interaction and
persuasion of the survey respondents. The efficacy of the
questionnaire depends on the persuasion with the respondents,
language comprehension and discourse. In the present research, a survey
will be used as it is the appropriate method for the research. It
is a cost-effective and easy method. Survey is categorized as a
quantitative method for primary data collection (Gorard, 2013).
It is categorized as quantitative method as the information
collected can be analyzed through statistical means. Along with
it, the researcher will also use literature review method for the
data collection. The sample size of the survey will be 100. The
survey will be conducted with the project managers of the
security system manufacturing firms. They can provide deep
and practical insight regarding the security and the privacy
challenges in the business organizations (Myers, Well, & Lorch,
2013). The random sampling will be used for the selection of
the research participants. It is a convenient sampling method
(Leavy, 2017). The respondents who consent to the research will
be emailed the survey questionnaire. It means that the
researcher will analyze the information from the current
literature resources. For this, the researcher will select
scholarly articles on the research subject and synthesize
information from them (Maxwell, 2012).
CONCLUSION
It can be concluded that the biometrics is a novel
technology, which has a high scope in the field of security
system. Biometrics is the use of human imprints and
characteristics for the security purposes. It is the process of
identifying or authenticating the identity of an individual by
identifying the physical or behavioural characteristic of a
person. The goal of the biometric machine is to control the
access at sensitive locations. There are certain characteristics of
an individual such as voice, fingerprint and iris, which are
unique and can be used for personal recognition. It is an
effective method to provide security, especially when the past
methods such as passwords can be easily stolen. However,
there is a major concern for the privacy of the data. The
biometrics uses the data, which is personal to each individual.
Therefore, if the database of this data is stolen, it can be used
maliciously against that person. The data stored in the database
is not private in nature; however, when this data is stored, it
becomes private in nature.
ACKNOWLEDGEMENT
In the research paper, the work and research of several
authors has been cited. The author is thankful to all the
researchers, whose valuable work is included in the research.
REFERENCES
Ballard, L., & Lopresti, D. (2007). Forgery quality and its
implications for behavioral biometric security. IEEE
Transactions on Systems, Man, and Cybernetics, 37(5),
1107-1120.
Belguechi, R., Alimi, V., Cherrier, E., Lacharme, P., & Rosenberger,
C. (2011). An overview on privacy preserving biometrics.
Bhargav-Spantzel, A., Squicciarini, A. C., Modi, S., Young, M.,
Bertino, E., & Elliott, S. J. (2007). Privacy preserving multi-
factor authentication with biometrics. Journal of Computer
Security, 15(5), 529-560.
Bringer, J., & Chabanne, H. (2008, June). An authentication protocol
with encrypted biometric data. In International Conference on
Cryptology in Africa (pp. 109-124). Springer, Berlin,
Heidelberg.
Carpenter, D., McLeod, A., Hicks, C., & Maasberg, M. (2018).
Privacy and biometrics: An empirical examination of employee
concerns. Information Systems Frontiers, 20(1), 91-110.
Creswell, J.W., & Creswell, J.D. (2017). Research Design:
Qualitative, Quantitative, and Mixed Methods Approaches.
SAGE Publications.
Fan, C. I., & Lin, Y. H. (2009). Provably secure remote truly three-
factor authentication scheme with privacy protection on
biometrics. IEEE Transactions on Information Forensics and
Security, 4(4), 933-945.
Gorard, S. (2013). Research Design: Creating Robust Approaches for
the Social Sciences. SAGE.
Jain, A. K., Nandakumar, K., & Ross, A. (2016). 50 years of biometric
research: Accomplishments, challenges, and
opportunities. Pattern Recognition Letters, 79, 80-105.
Jain, A. K., Ross, A., & Prabhakar, S. (2004). An introduction to
biometric recognition. IEEE Transactions on circuits and
systems for video technology, 14(1), 4-20.
Jiang, Q., Ma, J., & Wei, F. (2016). On the security of a privacy-aware
authentication scheme for distributed mobile cloud computing
services. IEEE Systems Journal.
Leavy, P. (2017). Research Design: Quantitative, Qualitative, Mixed
Methods, Arts-Based, and Community-Based Participatory
Research Approaches. Guilford Publications.
Linnartz, J. P., & Tuyls, P. (2003, June). New shielding functions to
enhance privacy and prevent misuse of biometric templates.
In International Conference on Audio-and Video-Based
Biometric Person Authentication (pp. 393-402). Springer,
Berlin, Heidelberg.
Marczyk, G.R., DeMatteo, D., & Festinger, D. (2010). Essentials of
Research Design and Methodology. John Wiley & Sons.
Maxwell, J.A. (2012). Qualitative Research Design: An Interactive
Approach. SAGE Publications.
Myers, J.L., Well, A.D., & Lorch, R.F. (2013). Research Design and
Statistical Analysis: Third Edition. Routledge.
Normalini, M. K., & Ramayah, T. (2017). Trust in internet banking in
Malaysia and the moderating influence of perceived
effectiveness of biometrics technology on perceived privacy and
security. Journal of Management Sciences, 4(1), 3-26.
Prabhakar, S., Pankanti, S., & Jain, A. K. (2003). Biometric
recognition: Security and privacy concerns. IEEE security &
privacy, 99(2), 33-42.
Ratha, N. K., Connell, J. H., & Bolle, R. M. (2001). Enhancing
security and privacy in biometrics-based authentication
systems. IBM systems Journal, 40(3), 614-634.
Tuyls, P., Akkermans, A. H., Kevenaar, T. A., Schrijen, G. J., Bazen,
A. M., & Veldhuis, R. N. (2005, July). Practical biometric
authentication with template protection. In International
Conference on Audio-and Video-Based Biometric Person
Authentication (pp. 436-446). Springer, Berlin, Heidelberg.
Xiang, C., Tang, C., Cai, Y., & Xu, Q. (2016). Privacy-preserving face
recognition with outsourced computation. Soft
Computing, 20(9), 3735-3744.
Yanikoglu, B., & Kholmatov, A. (2004, August). Combining multiple
biometrics to protect privacy. In Proc. ICPR-BCTP
Workshop (pp. 43-46).