Mirror Mirror on the Wall: Is Facial Recognition the Best Authenticator of All?
Biometrics in the News This Month • August 8th – Facebook loses appeal, is now eligible for a class-action lawsuit over facial recognition. • August 14th – Reports hit on the BioStar 2 data breach of over 27.8 million records, which include biometric data. • August 16th – Information Commissioner’s Office in the U.K. opens an investigation over facial recognition use in London’s King’s Cross. • August 6th, 19th – Increasing calls from known politicians for facial recognition bans or limited use.
Biometrics: Bad News or Brilliant Solution? Your car or you? In 2005, Malaysian accountant K. Kumaran loses more than his new car: thieves cut off his index finger to get around the hi-tech security system of his S-class Mercedes. Finding what was lost: In April of 2018, the police of New Delhi, India, implemented facial recognition technology. In a test, the technology identified 3000 children reported missing in only four days.
The Growing Use of Biometrics Here in Canada. Facial Scan Shopping: ▪ As of July 2018, Cadillac Fairview discovered using facial scanners at mall kiosks. ▪ Company argues collecting age, gender, monitoring traffic only. ▪ Privacy Commissioner of Canada now investigating. Banking on Biometrics: ▪ Four Directions Financial in Edmonton ▪ Using retina scanning and fingerprint ID to secure bank accounts for homeless account holders.
The Tech that Lays the Golden Eggs: What Is Biometric Authentication and Why Is It So Popular?
What Are Biometrics? What Is the Relation to Facial Recognition (FR)? Biometrics: statistical measurements and calculations made from the body. Biometric authentication: taking these numbers and using them to verify the individual. Facial Recognition: takes an image or scan of the face and converts it into quantifiable features. One of the growing and more popular types of biometric authentication.
How Does Biometric Authentication Work?
What about Authentication vs. Identification? Authentication: 1:1. Identification: 1:M.
Why Would an Organization Use Biometrics? Convenience: ▪ Something You Are authentication ▪ Look ma, no passwords! Security: ▪ Harder to fool or steal than passcodes. ▪ More secure than many conventional systems. Usability: ▪ Minimal learning curve for users. ▪ Some biometrics very easy to scan and obtain, esp. Facial Recognition. ▪ Some can work without conscious input.
Want to Try Biometrics? You’ve Got Lots of Options. From current trends... ▪ Facial Recognition ▪ Fingerprint Recognition ▪ Hand Geometry ▪ Iris & Retinal Scanning ▪ Voice Recognition ...to the future: ▪ Blood Pulse ▪ Facial Thermography ▪ Body Odor ▪ Brain-Wave Pattern ▪ Skin Luminescence ▪ Body Salinity ▪ Sweat Pore Analysis ▪ Gait ▪ Foot Dynamics
The Big Bad Wolf at the Door: Problems with biometric authentication
The Innate Bane of Biometric Systems ▪ Beware of False Positives and False Negatives ▪ The human factor: measurements will vary ▪ Too detailed and it fails; too flexible and it fails. Bottom line: there is no way to get a biometric scanner to work 100% of the time.
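The threshold trade-off on this slide, and the 1:1 versus 1:M distinction from the earlier one, worked through as an added example (not from the original talk). The similarity scores are constructed, the function names are hypothetical, and the 1:M figure assumes each comparison is independent.

```python
# Constructed similarity scores (0..1) from a hypothetical face matcher.
GENUINE = [0.91, 0.84, 0.78, 0.88, 0.69, 0.95, 0.73, 0.81, 0.62, 0.87]   # same person
IMPOSTOR = [0.21, 0.35, 0.48, 0.55, 0.30, 0.66, 0.41, 0.72, 0.27, 0.52]  # other people


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when a score >= threshold is accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)  # false positives
    frr = sum(s < threshold for s in genuine) / len(genuine)     # false negatives
    return far, frr


def equal_error_threshold():
    """Sweep thresholds 0.00..1.00 and return the first where FAR and FRR are closest."""
    candidates = [i / 100 for i in range(101)]
    return min(candidates, key=lambda t: abs(error_rates(t)[0] - error_rates(t)[1]))


def identification_false_match(fmr, gallery_size):
    """1:M search: chance that at least one of M enrolled templates falsely
    matches, assuming independent comparisons with false match rate `fmr`."""
    return 1 - (1 - fmr) ** gallery_size


if __name__ == "__main__":
    # Too flexible (0.50) lets impostors in; too detailed (0.90) locks users out.
    for t in (0.50, 0.70, 0.90):
        far, frr = error_rates(t)
        print(f"threshold={t:.2f}  FAR={far:.0%}  FRR={frr:.0%}")
    print("FAR and FRR meet at threshold", equal_error_threshold())
    # The same per-comparison error rate looks very different in 1:M use.
    for m in (1, 1000, 100000):
        p = identification_false_match(0.001, m)
        print(f"gallery={m:>6}  P(any false match)={p:.3f}")
```

No threshold in the sweep drives both rates to zero on these scores, which is the slide's bottom line in numbers.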
Other Innate Problems to Be Aware Of ▪ Function creep & privacy invasion ▪ Ethnic demographics and compatibility ▪ Consequences of false negatives ▪ Cost ▪ Once data is stolen, it can’t be reused!
Biometric System Vulnerabilities (Visual) 1. Present fake biometrics to the sensor 2. Resubmitting previously stored data 3. Overriding feature extraction 4. Tampering with the biometrics feature representation 5. Corrupt the matcher 6. Tampering with stored templates 7. Attacking the channel between the stored templates and the matcher 8. Overriding the final decision
“The fact that biometric data is not secret, combined with the existence of several kinds of attacks that are possible in a biometric system, make the issue of security/integrity of biometric data extremely critical.” ~John Vacca, “Biometric Technologies and Verification Systems”
Sage Wisdom: What to know before starting the journey
Before You Get Started: Discuss with the Business ▪ What are we protecting? ▪ Who are our adversaries? ▪ How are we vulnerable? ▪ What are our priorities? ▪ What can we do for a better implementation?
Learn the Laws of the Land Biometrics are increasingly considered in privacy and surveillance laws, including: ▪ Biometric Information Privacy Act (BIPA) of Illinois ▪ Texas Biometric Privacy Act, Washington Biometric Privacy Law, California Consumer Protection Act ▪ Biometrics are covered in the GDPR ▪ The Privacy Commissioner of Canada has ruled cases of PIPEDA applying to biometric information ▪ Bans for some use in San Francisco, Oakland CA.
Risk Reality Check If your organization or client wants to include a biometric authentication, they’ll need to consider: ▪ Misuse of biometric data, including public perception. ▪ Impacts of false positives & negatives. ▪ Physical and logical controls. ▪ Audit trails ▪ Vendor certifications ▪ Security and auditing role in the project.
Becoming the Prince to a Biometric Snow White: Standards and Solutions
Biometric Standards for Auditing and Frameworks. ISO has multiple standards, including: ▪ ISO/IEC JTC 1/SC 37 – Standards in Biometrics ▪ ISO/IEC JTC 1/SC 27 – IT Security standards, including standards for biometrics security. Others: ▪ ISACA Audit Assurance Program ▪ INCITS M5 Committee on Biometrics ▪ NIST Biometrics. Privacy? Due to the implications of biometrics and privacy, a Privacy Impact Assessment is highly recommended.
Possible Solutions to Give Your System an Edge ▪ Data-Hiding ▪ Compression Algorithms (ex: WSQ) ▪ Cancelable Biometrics ▪ Watermarking ▪ Encryption & Distortion Transforms ▪ Combining with practices like two-factor authentication.
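An added sketch of the cancelable biometrics idea listed above (not from the original talk): the stored template is a token-keyed random projection of the features reduced to sign bits, so a stolen template can be revoked by issuing a new token. The feature vector, token names and 25% match threshold are constructed assumptions, and Python's `random` stands in for the keyed generator a real system would need.

```python
import random

BITS = 128  # length of the stored template (hypothetical choice)

# Constructed 16-dimensional face feature vector and a slightly noisy re-scan.
ENROLLED = [0.12, -0.53, 0.88, 0.31, -0.27, 0.64, -0.91, 0.05,
            0.47, -0.36, 0.73, -0.18, 0.59, -0.82, 0.26, 0.94]
RESCAN = [f + (0.01 if i % 2 else -0.01) for i, f in enumerate(ENROLLED)]


def cancelable_template(features, token, bits=BITS):
    """Project features onto `bits` pseudo-random directions derived from a
    revocable per-user token and keep only the sign of each projection."""
    rng = random.Random(token)  # demo only: not a cryptographic generator
    template = []
    for _ in range(bits):
        direction = [rng.gauss(0.0, 1.0) for _ in features]
        dot = sum(f * d for f, d in zip(features, direction))
        template.append(1 if dot >= 0 else 0)
    return template


def hamming_fraction(a, b):
    """Fraction of bit positions in which two templates differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def matches(a, b, max_fraction=0.25):
    """Accept when the templates differ in at most `max_fraction` of their bits."""
    return hamming_fraction(a, b) <= max_fraction


def demo():
    stored = cancelable_template(ENROLLED, "token-v1")    # what the database holds
    probe = cancelable_template(RESCAN, "token-v1")       # same user, new scan
    reissued = cancelable_template(ENROLLED, "token-v2")  # after a breach: new token
    return {
        "rescan_accepted": matches(stored, probe),
        "stolen_matches_reissued": matches(stored, reissued),
        "distance_to_reissued": hamming_fraction(stored, reissued),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same face yields unrelated templates under different tokens, so the scheme is only as strong as the secrecy of the token.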
More Resources. Books: ▪ Shoniregun, Charles and Crosier, Stephen. Securing Biometrics Applications. Springer, 2008. ▪ Vacca, John. Biometric Technologies and Verification Systems. Elsevier, 2007. Articles: ▪ OECD. Biometric-based Technologies. OECD Digital Economy Papers, No. 101, 2004. http://dx.doi.org/10.1787/232075642747 ▪ Patel, Vishal, Ratha, Nalini and Chellappa, Rama. Cancelable Biometrics: A review. IEEE Signal Processing Magazine, 2015. Websites: ▪ Biometric Vulnerabilities Exposed (Infographic). Intel. ▪ Thakkar, Danny. What are Risks of Storing Biometric Data? Bayometric.com, 2018.
About Information in Bloom & Victoria McIntosh • Freelance information and privacy contractor in Nova Scotia, Canada. • Combines information science (MLIS) and certification as an Information Privacy Technologist (CIPT) by IAPP.
Enjoyed this Talk? Contact Victoria & Tell Your Friends bloom@victoriamcintosh.com @vmcntosh www.linkedin.com/in/victoriamcintosh/ www.VictoriaMcintosh.com