{"id":2251,"date":"2013-08-19T10:44:13","date_gmt":"2013-08-19T14:44:13","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=2251"},"modified":"2020-02-26T18:57:44","modified_gmt":"2020-02-26T14:57:44","slug":"biometric-authentication","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/biometric-authentication\/2251\/","title":{"rendered":"Forge You: Do We Have To Trust Biometric Authentication"},"content":{"rendered":"<p>Every day millions of computers solve the same problem: they try to check that you are actually you and not some other person. The most popular tool to do that is password checking. But a password is quite easy to steal, and just as easy to forget. <a href=\"https:\/\/www.kaspersky.com\/blog\/21st-century-passwords\/\" target=\"_blank\" rel=\"noopener nofollow\">Problems with passwords<\/a> highlight the need for another system of user identification. A very simple and appealing solution is biometric authentication, which lets a user place a finger on a scanner, look at a camera or say a passphrase. Your fingers, your eyes and your voice are always with you, right? And other people cannot imitate them. 
Unfortunately, this appealing idea has numerous drawbacks, which is why we still don\u2019t use fingerprints to log in to Google or withdraw cash from an ATM.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/08\/05101823\/biometric_title_EN.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2521\" alt=\"biometric_title_EN\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/08\/05101823\/biometric_title_EN.jpg\" width=\"640\" height=\"420\"><\/a><\/p>\n<p>I will cover some of the issues in detail, but let\u2019s start with a brief summary: it\u2019s almost impossible to change your \u201cpassword,\u201d and it\u2019s quite challenging to implement truly secure encryption based on a biometric \u201cpassword.\u201d When going from concept to real-life implementation, you can\u2019t help but notice an obvious and extremely important problem \u2013 most biometric characteristics can be forged using simple and affordable tools.<\/p>\n<p><b>Stranger-danger<\/b><\/p>\n<p>The major difference between biometric authentication and ordinary password-based authentication is that there is never a perfect match between the original (master) sample and the sample being checked. You simply can\u2019t obtain two fully identical fingerprints from the same finger. It becomes even more troublesome when you try to match faces. Facial characteristics may change or become unreadable depending on lighting conditions, time of day, glasses, beards, bloodshot eyes and make-up, to say nothing of natural aging. Voice is likewise affected by numerous factors, e.g. the flu. 
Under these conditions it\u2019s extremely difficult to build a system that always accepts the legitimate owner and never admits strangers.<\/p>\n<p>To address this, each biometric system tries to strip noise from the scanned sample, leaving only the characteristic features suitable for mathematical comparison. Nevertheless, even this \u201cskeleton\u201d can only be matched against the original probabilistically. For medium-security systems, it\u2019s considered normal to admit a stranger once in 10,000 tries and to block the legitimate user once in 50 cases (the false acceptance and false rejection rates, respectively). On mobile platforms, unstable external conditions such as lighting and vibration dramatically increase the error rate, which is why Android facial recognition fails in 30-40% of cases.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/08\/05101821\/bio-face.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-2523\" alt=\"bio-face\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/08\/05101821\/bio-face.png\" width=\"157\" height=\"312\"><\/a><\/p>\n<p><b>A password for a lifetime<\/b><\/p>\n<p>If you forget your password or it is stolen, you can change it. If you lose your keys, you can change the door lock. But what can you do if your bank account is \u201clocked\u201d with an image of your palm, as some banks in Brazil and Japan do, and the database of palm prints is stolen?<\/p>\n<div class=\"pullquote\">There will be a fingerprint scanner in the new iPhone while Android will use facial recognition to unlock. Is this protection worth your trust?<\/div>\n<p>It\u2019s extremely challenging to change your palm. 
Even if palm forgery technology doesn\u2019t exist today, no one can guarantee it won\u2019t emerge in five or ten years.<\/p>\n<p>This fundamental problem might be partially solved with fingerprints \u2013 you can enroll only 2-4 fingers instead of all 10, leaving some spares to switch to, so there is some ability to change the password. But this supply is quite short, probably too short to last a lifetime. <a href=\"https:\/\/threatpost.com\/evernote-compromised-says-no-user-data-affected-030313\/77578\" target=\"_blank\" rel=\"noopener nofollow\">Online account hacks<\/a> happen far too often, so it\u2019s a little scary to trust services with precious biometric information. The fact that most services store only a \u201cskeleton,\u201d a biometric derivative, doesn\u2019t really make things easier \u2013 numerous studies have shown that it\u2019s possible to rebuild, e.g., a fingerprint that is not identical to the original but is still able to pass the check.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/08\/05101820\/bio-fake-2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2524\" alt=\"bio-fake-2\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/08\/05101820\/bio-fake-2.jpg\" width=\"600\" height=\"609\"><\/a><\/p>\n<p>In addition, online biometric authentication raises privacy concerns. A biometric \u201cpassword\u201d clearly identifies you as you, and it becomes impossible to have two separate accounts on the same social network \u2013 a site has enough tools to figure out that it\u2019s the same person. Strictly speaking, hundreds or even thousands of users might have practically indistinguishable biometric features, but with the help of Geo-IP and the other metadata that accompanies user requests, it\u2019s quite possible to build a completely unique profile for each user. 
If someone manages to implement biometric authentication on every popular web service, <a href=\"https:\/\/www.kaspersky.com\/blog\/price-of-privacy\/\" target=\"_blank\" rel=\"noopener nofollow\">online user tracking<\/a> will be a piece of cake.<\/p>\n<p><b>A digital locker<\/b><\/p>\n<p>Passwords and, potentially, biometrics serve two purposes. First, they restrict access to devices and services. Second, they restrict access to the data stored on a device. Biometric features are difficult to use for the second purpose.<\/p>\n<p>When you put your documents in a safe with a fingerprint lock, the safe\u2019s walls protect your data; you would need a powerful drill to get past the fingerprint-scanning lock. On a computer, it\u2019s ridiculously easy to bypass an access check, so the computer equivalent of those steel walls is encryption. When you encrypt something with a password, an encryption key is derived from that password. Change a single character of the password and the derived key is totally different and useless. But a biometric \u201cpassword\u201d differs slightly on every access request, so it\u2019s very hard to use it directly for encryption. That\u2019s why existing mass-market \u201cdigital lockers\u201d rely on the cloud \u2013 biometric matching happens on the server side and, if it succeeds, the server hands the decryption key to the client. Of course, that poses a significant risk of a massive data leak \u2013 a server breach could compromise both the encryption keys and the biometric data.<\/p>\n<p><b>Biometrics IRL<\/b><\/p>\n<p>Leaving aside sci-fi movies and military developments, there are two kinds of automatic biometric authentication you might encounter. 
The first is trials being run at some banks, which may use palm scans at ATMs and voice authentication on phone-based service desks. The second is scanners embedded in consumer electronics, typically laptops and smartphones: the front camera may be used for facial recognition, and a dedicated sensor for fingerprints. A few systems also use voice authentication. In addition to the general problems of biometrics described above, these consumer-grade implementations face limits imposed by CPU power, sensor price and physical dimensions, and to deal with those constraints developers sacrifice security and robustness. That\u2019s why it\u2019s easy to fool some scanners with <a href=\"http:\/\/blogs.technet.com\/b\/steriley\/archive\/2006\/09\/20\/457845.aspx\" target=\"_blank\" rel=\"noopener nofollow\">a wet paper with fingerprints generated using an ordinary printer<\/a> or a gelatin cast. And where there is money to be made, fraudsters may produce a convenient <a href=\"http:\/\/arstechnica.com\/tech-policy\/2013\/03\/brazilian-docs-fool-biometric-scanners-with-bag-full-of-fake-fingers\/\" target=\"_blank\" rel=\"noopener nofollow\">fake finger<\/a> \u2013 criminal schemes involving such tools already exist. 
On the other hand, legitimate users often have to swipe their fingers several times before access is granted \u2013 most sensors may fail if a finger is wet, covered in lotion, slightly dirty, or has scratches or burns.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/08\/05101819\/bio-fake-1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2525\" alt=\"bio-fake-1\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/08\/05101819\/bio-fake-1.jpg\" width=\"280\" height=\"132\"><\/a><\/p>\n<p>Facial recognition systems are rarely able to distinguish real faces from photos (although a liveness check, e.g. requiring the user to blink, offers some defense). But facial recognition used to unlock a mobile device is already so sensitive to lighting conditions and the surrounding environment that you don\u2019t want to make things worse by enabling extra checks. And you must have a backup \u2013 a good old password \u2013 otherwise you won\u2019t be able to unlock your device in the dark.<\/p>\n<p>Most developers of voice authentication systems claim they can detect fakes \u2013 both recordings and impersonators. In practice, only the most powerful systems perform all the required computation-heavy checks, and some <a href=\"http:\/\/ieeexplore.ieee.org\/xpl\/articleDetails.jsp?reload=true&amp;arnumber=6288895\" target=\"_blank\" rel=\"noopener nofollow\">researchers say<\/a> that voice alteration software can fool authentication systems 17% of the time. Full real-time analysis is hard to implement on a mobile device, so it requires help from the cloud, but cloud-based authentication is slower, depends on the quality (and mere existence) of an internet connection, and is exposed to additional attacks such as man-in-the-middle. 
Incidentally, a MITM attack is especially dangerous for voice authentication systems, because voice samples are much easier to obtain than other biometric samples.<\/p>\n<p>This combination of practical inconvenience for legitimate users and insufficient security prevents biometric authentication from becoming a standard in mobile device security and replacing traditional passwords and electronic tokens. Secure and reliable identity checks using biometrics are currently possible only under controlled conditions, e.g. at a border control booth in an airport or a security checkpoint at an office entrance.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Every day millions of computers solve the same problem: they try to check that you are actually you and not some other person. The most popular tool to do that<\/p>\n","protected":false},"author":32,"featured_media":2252,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[1136,426],"class_list":{"0":"post-2251","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-biometrics","9":"tag-mobile-devices"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/biometric-authentication\/2251\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/biometric-authentication\/2337\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/biometric-authentication\/2419\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/biometric-authentication\/2276\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/biometric-authentication\/2520\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/biometric-authentication\/1425\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/biometric-authentication\/2520\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za
\/blog\/biometric-authentication\/2520\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/biometrics\/","name":"biometrics"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=2251"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2251\/revisions"}],"predecessor-version":[{"id":15595,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2251\/revisions\/15595"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/2252"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=2251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=2251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=2251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}