michas-thoughts

Biometric – Issues and Concerns

Sep 8th, 2009 | By Innovya | Category: michas-thoughts

As with many interesting and powerful developments of technology, there are concerns about biometrics. The biggest concern is the fact that once a fingerprint or other biometric source has been compromised it is compromised for life, because users can never change their fingerprints. A theoretical example is a debit card with a personal Identification Number (PIN) or a biometric. Some argue that if a person’s biometric data is stolen it might allow someone else to access personal information or financial accounts, in which case the damage could be irreversible. However, this argument ignores a key operational factor intrinsic to all biometrics-based security solutions: biometric solutions are based on matching, at the point of transaction, the information obtained by the scan of a “live” biometric sample to a pre-stored, static “match template” created when the user originally enrolled in the security system. Most of the commercially available biometric systems address the issues of ensuring that the static enrollment sample has not been tampered with (for example, by using hash codes and encryption), so the problem is effectively limited to cases where the scanned “live” biometric data is hacked. Even then, most competently designed solutions contain anti-hacking routines. For example, the scanned “live” image is virtually never the same from scan to scan owing to the inherent plasticity of biometrics; so, ironically, a “replay” attack using the stored biometric is easily detected because it is too perfect a match. The television program MythBusters attempted to break into a commercial security door equipped with biometric authentication as well as a personal laptop so equipped. While the laptop’s system proved more difficult to bypass, the advanced commercial security door with “live” sensing was fooled with a printed scan of a fingerprint after it had been licked. 
There is no basis to assume that the tested security door is representative of the current typical state of biometric authentication, however. With careful matching of tested biometric technologies to the particular use that is intended, biometrics provide a strong form of authentication that effectively serves a wide range of commercial and government applications. However, the clear concern is that the number of biometric samples of an individual is limited. If all samples are lost via compromise, the legitimate owner will be unable to replace the old ones. Additionally, the limited number of samples means that there is a concern with secondary use of biometric data: a user who accesses two systems with the same fingerprint may allow one to masquerade as her to the other. Several solutions to this problem are actively being researched, such as Biometric Encryption, Cancelable Biometrics or Traceless Biometrics.

Privacy

A concern is how a person’s biometric, once collected, can be protected. Australia has therefore introduced the Biometrics Institute Privacy Code in order to protect consumer personal data beyond the current protections offered by the Australian Privacy Act.

Biometric sensors will scan the whole surface of your naked body…

Biometric sensors’ obstacles

Different sensors from different hardware producers generate different biometric outputs, and different outputs cannot be compared in encrypted form (they will never match). It is very difficult to create a standard for identical encryption paths. A biometrics standard can be obtained only if the common information is unconcealed. Currently each biometric scanner vendor is responsible for generating its own encryption method. In order to unify the biometric collection method(s), the standardization procedure must force exposure of the biometrics; however, exposed biometric information presents a serious threat to privacy rights.

Conclusions

There are no legal restrictions on biometrically identifying information, or on biometric authentication systems. However, there are severe restrictions on collecting, creating, maintaining, using, or disseminating records of identifiable personal data. One immediate conclusion that we should draw is that biometric authentication must be traceless.

Traceless Biometrics

Traceless Biometrics System (TBS) was developed to avoid the need to collect biometrics in the first place, rather than searching afterwards for creative ways or alternative technologies to cancel sensitive collection(s). Traceless Biometrics is a method that is able to authenticate innocent strangers, even if they are not known to the biometric system. TBS does not require infrastructure (it can work offline), removes the need for proprietary or identical scanners/readers (any hardware mix fits), and needs no central databases, storage, or stored templates. It is privacy friendly: the result is neither unique nor clonable, the subject can cancel or change his own biometric key by himself at any time and anywhere, and it complies with all privacy standards without giving secrets away, so it can be spread anywhere (no single key) without risk of breach. It is fast, reliable, anonymous, mobile, non-unique, irreversible, accurate, unidirectional, high entropy and, most important, able to authenticate anywhere across the globe (even in the desert or on the high seas) without communication!



Why we should not trust Governments on Biometrics

Sep 8th, 2009 | By Innovya | Category: michas-thoughts

In November 2007, the UK’s HMRC lost data on 25 million people; the records, held on two CDs, included biometric information.

“The loss was evidence that the government cannot be trusted with biometric information, and that the proposed national ID scheme was untenable,” said FBI fraud expert and world-renowned ex-con artist Frank Abagnale. A month later, the government admitted that records of more than 3 million U.K. learner drivers had gone missing from a firm in the U.S. In Israel, during the last elections, the Ministry of the Interior lost the entire population registration book, comprising the whole Israeli population from birth to death, including ID numbers, addresses, names, birthdays, immigration details, gender, family relations, etc.

The invaluable searchable book can be downloaded freely from the net (acts committed by children under the age of 15 are not punishable). The police authorities, needless to say, are helpless and may not completely understand the damage to privacy and personal security.

Just think what would happen if something should happen to biometric records.

Biometric collections harm and endanger our liberty and privacy, and do not protect us from crime and terror.

The accuracy of fingerprints, for example, is only 99% (every 1% error is 10,000 mistakes per million; in 50M records that comes to 500,000 MISTAKES PER SINGLE SCAN, and 50M people is less than 16% of the U.S. total population…).

A person provides a sample biometric, sometimes without his knowledge, and the system must compare that sample to every stored record to attempt to return a match. This is known as a one-to-many match (otherwise we cannot find criminals; but we are NOT criminals, we are free human beings living in a so-called “benevolent democracy”), and it is done without any corroborating data. Because the matching process is based on the closeness of the new sample to a stored sample, most systems return a list of likely matches. Hence no unique biometric sample, whether a fingerprint, voice recording, or iris scan, is matched from the raw data: there is too much data to store and compare during each attempted match, especially if the sample needs to be transmitted to a central database for matching (???), which requires a lot of (unsecured) authorizations; otherwise this information needs to be decentralized (very unsecured). Instead, biometric systems use templates.

The raw data is simplified through feature extraction. Face recognition systems need the most features to be extracted and hand scans need the least. The extracted features are compressed further into a sample template, which is then compared to a stored template to determine if there is a match (huge error rate). Information is lost with each level of compression, making it impossible to reconstruct the original scan from the extracted points. Since even minor changes in the way a sample is collected (different scanners and manufacturers) can create a different template for a single individual, matches are based on probability. Systems are adjustable in the amount of difference they will tolerate to confirm a match. As the collection database gets bigger, the efficiency of catching criminals gets lower; because of this, the accuracy of all biometric systems diminishes over time. Therefore, our privacy and liberty are being sacrificed to stupidity!
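The matching model sketched in these posts (a tolerance-based comparison of a fresh scan against a stored template, a one-to-many search that returns a ranked candidate list rather than a certainty, and the remark in the first post that a replayed template is detectable because it matches too perfectly) can be made concrete with the following toy matcher. It is an added illustration, not Innovya’s or any vendor’s code; the minutiae coordinates, names and thresholds are constructed for the example.

```python
"""Toy biometric matcher: tolerance-based template comparison, one-to-many
(1:N) identification and a "too perfect match" replay check.
Constructed sample data only; not Innovya's or any vendor's code."""
import math
import random
from typing import Dict, List, Tuple

Point = Tuple[float, float]
Template = List[Point]  # here a template is just a list of minutia positions

# Constructed enrolled templates (fake minutiae coordinates). A real database
# holds millions of records, which is what drives up the false-match count.
ENROLLED: Dict[str, Template] = {
    "alice": [(12.0, 40.0), (55.0, 23.0), (71.0, 88.0), (33.0, 67.0), (90.0, 10.0)],
    "bob":   [(15.0, 42.0), (50.0, 30.0), (70.0, 80.0), (20.0, 60.0), (85.0, 15.0)],
    "carol": [(5.0, 5.0), (95.0, 95.0), (50.0, 50.0), (25.0, 75.0), (75.0, 25.0)],
}


def similarity(live: Template, stored: Template, tolerance: float = 4.0) -> float:
    """Fraction of stored minutiae with a live minutia within `tolerance`.
    Each live point is consumed once (greedy nearest), so the score is in [0, 1].
    `tolerance` is the knob the text describes: loosen it and impostors clear
    the bar more often; tighten it and genuine users start to fail."""
    if not stored:
        return 0.0
    unused = list(live)
    hits = 0
    for sx, sy in stored:
        best, best_d = None, tolerance
        for px, py in unused:
            d = math.hypot(px - sx, py - sy)
            if d <= best_d:
                best, best_d = (px, py), d
        if best is not None:
            unused.remove(best)
            hits += 1
    return hits / len(stored)


def is_replay(live: Template, stored: Template, epsilon: float = 1e-9) -> bool:
    """Flag a live scan that reproduces the stored template point for point.
    Sensor noise and skin plasticity make an exact repeat practically
    impossible, so a perfect match is more likely a replayed template."""
    if len(live) != len(stored):
        return False
    return all(math.hypot(a[0] - b[0], a[1] - b[1]) <= epsilon
               for a, b in zip(sorted(live), sorted(stored)))


def verify(live: Template, stored: Template,
           threshold: float = 0.8) -> Tuple[bool, float, bool]:
    """One-to-one verification: returns (accepted, score, replay_flag)."""
    replay = is_replay(live, stored)
    score = similarity(live, stored)
    return (score >= threshold and not replay, score, replay)


def identify(live: Template, enrolled: Dict[str, Template],
             threshold: float = 0.6) -> List[Tuple[str, float]]:
    """One-to-many identification: ranked candidates above `threshold`.
    As the text notes, 1:N search yields a list of probable matches, not a
    certainty, and that list only grows with the size of the database."""
    scored = sorted(((similarity(live, t), name) for name, t in enrolled.items()),
                    reverse=True)
    return [(name, score) for score, name in scored if score >= threshold]


def noisy_scan(template: Template, jitter: float = 2.0, seed: int = 0) -> Template:
    """Simulate a fresh scan of the same finger: every minutia shifts slightly."""
    rng = random.Random(seed)
    return [(x + rng.uniform(-jitter, jitter), y + rng.uniform(-jitter, jitter))
            for x, y in template]
```

Raising `tolerance` from 4.0 to 9.0 lifts bob’s score against alice’s template from 0.2 to 0.8, which is the false-match trade-off the text describes when systems loosen what they tolerate.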

Once a system is created, new uses are usually found for it, and those uses are not likely to stop at the border. We can learn this from the British police and their use of naive social networking such as Facebook for investigative leads (NY Times, April 18, 2008); imagine what they would do with our privacy rights using our unique and intrinsic biometric collections. In a biometric system, the question is whether the individual can trust the system. Unfortunately, the answer is a resounding NO. Individuals must not trust the system.

Biometrics are automated methods of recognizing a person based on a unique physiological or behavioral characteristic. The features used include measurements of the face, fingerprints, handwriting, hand geometry, iris, retina, veins, and voice. Invasive biometric technology is now the foundation of secure identification and intrinsic personal information collection systems maintained by DEMOCRATIC governments worldwide…

The information is uploaded for various purposes to be utilized by numerous governmental agencies for verification and distribution, all under the premise of “increasing security”. In 1903 the NY State Prison began fingerprinting prisoners for security purposes, and since then governments have systematically proposed various schemes to collect information on the citizenry. The judicial branch in several states has ruled against mass collection of personal information as a violation of personal privacy. In Perkey v. Department of Motor Vehicles (1986) the Supreme Court of California ruled that “The collection of fingerprints for … unspecified and widespread usage infringes on individual privacy rights.”

Fingerprints, facial geometry, and retinal scans, and the communication thereof, are protected under the right to liberty and property, a basic understanding of the US Constitution backed by 200 years of case law protecting these basic human rights. The government’s stance is that “the war on terror has prompted the need for increased security measures”. When the citizenry allows blatant violations of basic civil liberties, it is the death of democracy. In Politics, Aristotle said, “The basis for a democratic state is liberty”.

We must save our liberty and privacy; for a democratic system and state, biometrics collection is an ominous risk of extinction.



The Myth of Biometrics Enhanced Security

Jul 23rd, 2009 | By Innovya | Category: Articles, Featured Posts, News, Opinions, michas-thoughts

By: Michael (Micha) Shafir – Security Park

Current biometric documents are useless. ePassports don’t make much sense without a one-of-a-kind, unmatched biometric passport reader. Let’s face it once and for all: any electronic data storage method by which content can be read (e.g. RFID, smart/storage cards, etc.) has the obvious potential to be hacked, copied and cloned. There’s a reason why “Random Access” “Write Only Memory” (“WOM”) devices have never sounded logical. What purpose would there be in storing data that cannot be read? Let’s take this one step further. If stored information is designed to be read, then a device must exist with the ability to read the stored information for it to be of any value.

Now, let us apply that simple logic to stored information that’s meant to be read in a widespread application. In this type of application, multiple standardized reading devices must exist in order to always yield the same result from that stored information. As an example, standardization gives us the ability to use our credit cards regularly because each and every point of sale reader is reading the information contained within the card’s magnetic strip in the exact same way.

We must therefore recognize that these same benefits of standardization create reciprocal risks of fraud. Once the ability to read stored information exists, the ability to either reverse engineer the reading process or clone the coded stored information exists as well. What purpose does a means of identification serve if we cannot be near certain that it has not been compromised? Further, once that ID has been compromised, how can it be prevented from yielding positive identification where not intended? To illustrate the point, let us use your everyday ATM cash withdrawal as an example. After inserting the card into the ATM, one is prompted to enter the PIN associated with that card.

If the correct PIN is entered, even by someone other than the authorized user, the ATM will approve the transaction because its predetermined means of authentication is a combination of a card and its associated PIN. As we are well aware, magnetic strip cards and the like can be easily read, thus creating the opportunity for thieves to create a copy of that card. All that’s left is the PIN. For professional thieves, that’s less of a challenge than we’d like to believe.

For years, as technology developers would have it, much effort has been focused on providing more and more secure methods of storing sensitive information, without addressing the root of the problem. Regardless of how securely information is stored, because it is designed to be read, illicit methods by which to read the information will be found. Once that has been accomplished, the ability to create both fake and cloned IDs exists. ePassport readers address the standards and recommendations of predefined requirements like the Machine Readable Travel Documents (MRTD) standard. In order to make them usable, they must be consistent.

If you have a set of identical targets (e.g. ePassports, national IDs, driving licenses, employee cards, etc.), breaching one of them is a breach of all of them. An identical electronic device is a single point of failure. It is unfathomable for governments to change their entire population’s IDs and documents every time someone, somewhere across the globe, hacks and clones a single chip.

It would seem as if the only real way to prove you are who you claim you are to an automated system is through the use of biometrics as a means of authentication. Identity theft is exceedingly common these days. The use of biometrics, however, creates a whole new area of concern. When non-biometric security authentication elements are breached, security can be reestablished by selecting new authentication elements. The same cannot be done in an instance where stored biometric information is breached. Biometric information cannot be changed. Our fingerprints, face, retina and all, are what they are. The question we are faced with is how we can truly secure our biometric information. We can change our name or address, but we cannot change our body parts.

Turning the human body into the ultimate identification card is extremely dangerous. The possibility of fraud with electronic chips and biometric data should not be underestimated. Exposing or losing biometric property is a permanent problem for the life of the individual, since, as we’ve mentioned, there is no practical way of changing one’s physiological or behavioral characteristics. How do you replace your finger if a hacker figures out how to duplicate it? If your biometric information is exposed, in theory, you may never be able to prove who you say you are, who you actually are or, worse yet, prove you are not who you say you aren’t.

The best secrets are secrets that are never shared. Storing those secrets on a readable electronic card from which any simple RF dump reader can extract that information, in the same way as international border readers do, or storing your personal information together with your biometric characteristics on a readable electronic device is like sticking a label with your PIN on the back of your ATM card!

Biometric authentication is a powerful tool, able to bridge the gap between human and machine interaction in everyday instances such as ATM withdrawals, on-line banking and credit card transactions and all sorts of general user authentication. The use of biometric authentication enables a high threshold of security by reducing identity fraud incidences of unauthorized user access. It is also an easy method of authentication from the user’s point of view because a user’s biometric information is always with them. The most critical flaw in the use of biometrics as a means of authentication, however, is that the authentication process cannot work if the subject is a stranger to the system.

We’ve already concluded that storing the biometric information on an external device carried by the user, such as a smart card, is far too risky in that it risks losing one’s biometric information forever. Alternatively, databases are breach-prone, and inefficient, especially when used in large scale applications. Databases also require real-time access to be of any value, communication with which may not always be available. Where then can such sensitive information be stored? Furthermore, why risk storing that unique biometric information in a database, smart card, or other external devices to make it useful?

Another problem with common biometric systems is that the most effective way to achieve maximum system matching is to compare biometric images to a template by using raw data. Biometric Encryption is the process of using a characteristic of the body as a method to code or scramble/descramble data. Since these characteristics are unique to each individual, the biometric information readers, cameras and sensors must all yield identical results.

Most biometric authentication systems use a similarity score as an internal variable, whereby if enough numbers of starting points are given, it is possible to find the highest point without being trapped by local minima. However, different readers, cameras and sensors, manufactured by different manufacturers, generate ever so slightly different biometrics results. Varying starting results, when encrypted alike, will not yield the exact same decrypted result.

Biometric standards can be obtained only if the common information is unconcealed. That, in and of itself, creates system-wide vulnerability and thereby renders the system insecure. At present, each biometric scanner vendor generates its own encryption method. Raw biometric data is critical data; it should not be exposed or stored in public space. As difficult as it might be to create a secure standard for identical encryption paths, it is seemingly not possible to create standards for non-identical encryption paths. Overcoming the encryption-matching hurdle is the see-saw that creates the security blind spots, because the template can be tapped during the authentication process.

Traceable biometric authentication systems extract features from scanned biometric elements and pattern-match them with an enrolled template. Theoretically, a system cannot authenticate strangers to its data store. The other side of that theory is exactly where the hackers look. The inability to “recognize” strangers is an opportunity to breach the authentication barrier. If a biometric authentication system has a blind spot, it can be taken advantage of and used to clone or steal an ID. It also means that when the real ID owner tries to use their legitimate ID, they might find that they have been revoked from the system without understanding why. An electronic chip that contains identity elements is only one of the many threats facing traceable biometric authentication systems.

Template leakage is an even bigger problem, because once that information has been gotten hold of, the ability to prevent illegitimate copies and “fake originals” of legitimate IDs is gone unless the template is changed. Any change to the template requires changing ALL associated IDs, just as is the case when a “master key” is lost. The only solution is to change the key and distribute new keys to all who use it. Can one possibly imagine if such an instance were to occur with driver’s licenses? Now try to imagine if it were to happen with passports. Unfathomable! At least with keys, the ability to change the template or lock is not ideal, but possible. That is not the case with biometrics, as biometric elements are with the individual for life. Dear security decision maker, how can you sleep at night?

People want to be able to draw a circle around their personal information, and do not want parts of their body electronically stored in databases. Our system of government tells us that we are entitled to control all that falls inside this circle; we ought to be able to regulate how, to whom, and for what reasons the information within this circle is disseminated. Some people object to biometrics for cultural or religious reasons. Others imagine a world in which cameras identify and track them as they walk down the street, following their activities and buying patterns without their consent. They wonder whether companies will sell biometric data of their body parts the way they sell email addresses and phone numbers. People may also wonder whether a huge database will exist somewhere that contains vital information about everyone in the world, and whether that information would be safe there.

Cloneable, traceable or collectable biometric systems could be designed to have the capability to store and catalog information about everyone in the world. The violation of privacy created by the collection of biometric data creates a prophylactic paradox; the bigger the privacy violation, the farther away it moves away from its intended goal.

How then can the power of biometric authentication be made useful without bumping up against these numerous serious challenges?

Innovya’s Traceless Biometrics approach, using non-unique remedies and a Real Time Reactive Authentication process solves all such cloneable, deflectable and privacy challenges. The Traceless Biometric workflow uses the time tested photo ID concept, wherein you match a picture to a person, no different than in any typical biometric authentication process. In a very simplistic way, just as in a mirror reflection, anyone can “authenticate” a stranger’s reflection without the need to compare the reflection against any other source of stored information. It does so, however, in a manner that is, as its name suggests, traceless, without storing any biometric data anywhere.

Innovya’s Traceless Biometric Authentication process consists of a comparison of only a portion of predetermined biometric elements against the users’ associated access device, wherein the “instructions” for which such portions and their mathematical modifiers are stored on the access device, somewhat similar, in an oversimplified sense, to the PIN on an ATM card. Unlike the ATM card, however, the system will not authenticate unless that specific user is the one seeking authentication because positive identification is derived from biometric elements on the user’s person, and therefore becomes useless without the user. Should the access device be hacked exposing the numerical string derived in the Traceless Biometric Authentication process, an alternative Traceless Biometric Authentication element can easily be programmed and reissued to the user.

Therein lies the essence of Innovya’s novel approach. Innovya has overcome the major challenge of creating a secure and efficient authentication solution that is stronger and less disturbing than electronically cloning intrinsic human characteristics onto databases or electronic chips, by eliminating them from the equation altogether. Additionally, because only a portion of the total biometric data is used in the process, should that data be compromised, recreating the biometric element from which it was derived is simply impossible.

Today, most systems are designed to work specifically in the place where they are located, like office buildings or hospitals. The information in one system isn’t necessarily compatible with another’s, although several organizations are trying to standardize biometric data. Once identical information is stored outside of governmental boundaries, the potential for using it commercially is huge, especially by hostile governments that might be willing to pay a lot for these otherwise undiscoverable information elements. Beyond all the advantages and disadvantages of this technology, we will unintentionally be creating ripples in the field of security and privacy.

Adopting traceless guidelines, using real-time reactive authentication process methods for current biometric authentication systems, will result in an efficient and unobtrusive authentication solution while treating personal privacy as the critical issue that it is. Biometric scanning, not storage, as necessary for the limited purpose of authenticating a user, should suffice. Authentication systems should discard all biometric information, or traces thereof, from the scanning devices immediately after the authentication process, and mustn’t use any external storage systems. Innovya has developed the solution to all of these challenges.

Although there are severe restrictions on collecting, creating, lodging, maintaining, using, or disseminating records of identifiable personal data, there are no legal restrictions on the processing of biometric authentication systems. Biometric authentication processes must be recognized for the risk they pose, and must therefore be carried out only in ways that are Traceless and Anonymous.