Uploaded on Jan 24, 2023
Anonybit creates a secure framework that enhances compliance, safeguards identity, and safeguards individual assets. It offers cloud-based biometrics, biometric MFA, zero-trust security, cryptography, private key storage, etc.
https://www.anonybit.io/blog/securingbiometrics
Securing biometrics
SECURING BIOMETRICS
The use of biometrics to secure users’ access to locations, devices, and applications is exploding by any measure. Biometrics are the irrefutable link to “who you are”, as opposed to “what you have” and “what you know”, which are easily stolen and used by attackers. There are other benefits to biometrics, including: they cannot be forgotten, there is nothing for a person to bring with them, they provide a good user experience, and so on.
Strong identity systems based on biometrics provide an underlying fabric for social and economic development, provision of private and public services, as the basis for determining access to online services and enabling digital interactions.
BIOMETRIC DATA SECURITY CONCERNS SHOULD NOT BE IGNORED
BIOMETRIC DATA COLLECTION
Has the collecting entity received consent from the user to collect and use their biometrics? BIPA (Illinois’ Biometric Information Privacy Act) is bringing this issue front and center in the United States, with the pace of lawsuits picking up dramatically in 2021. In fact, as of August 2021,
BIOMETRIC DATA SECURITY
Is the entity securing the biometric data efficiently and discarding it promptly when it is not needed? This is a key question for system design and accessibility. As stated before, biometric data breaches can have enormous consequences as the data can later be used for attacks by both nation-states and fraudsters.
BIOMETRIC DATA PRIVACY
The privacy element of biometrics is similar to other types of personal data and overlaps with the other two areas of concern already discussed. Consent is the first aspect; usage is the second. Is the data used for the purpose for which it was collected? A derivative of this is secondary information derived from the biometric characteristics that were initially collected for a different primary purpose.
As we have seen through the legislative and regulatory landscape, while not perfect, a lot of progress has been made with
respect to many of the consent and privacy aspects as they relate to biometrics. The security aspects, however, are still being
fleshed out.
MITIGATING BIOMETRICS AND
SECURITY RISKS
Encryption
Encryption is used to protect biometric data at all of its stages: at rest, in transit, and, more recently, during processing. Encryption at rest refers to encrypting the databases that hold the biometric data. Encryption in transit refers to the transport protocols, like TLS, between the system components. Both are key practices used by most systems today. Encryption in transit and at rest still leaves an exploitable gap: the data is exposed while applications are using it. An attacker who compromises the organization’s environment may reach a server and collect all the biometric data while it is unencrypted (in use). To prevent that, it is now possible to add encryption during processing by leveraging homomorphic encryption, which became operational only in recent years. Homomorphic encryption increases overall system security because it eliminates the need to decrypt biometric data while it is being used for identification or verification functions.
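The encryption-during-processing idea above can be illustrated with a toy Paillier scheme, an additively homomorphic cipher. This is an added example, not code from the original deck or from any product: the matcher computes an encrypted squared distance between a stored encrypted template and a probe without ever decrypting the template. The key size, integer feature vectors, threshold and the assumption that the probe reaches the matcher in plaintext are all constructed for illustration.

```python
import math
import secrets

# Toy Paillier key from two small Mersenne primes: insecure, demo only.
P, Q = 2**31 - 1, 2**61 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)
N2 = N * N
MU = pow(PHI, -1, N)  # private; PHI and MU never leave the key holder

# Constructed sample data: quantized integer feature vectors.
ENROLLED = [12, 7, 30, 5, 18, 22, 9, 14]
GENUINE = [11, 8, 29, 5, 19, 21, 9, 15]
IMPOSTOR = [3, 25, 10, 17, 2, 30, 20, 1]

def encrypt(m):
    """Public-key step: Enc(m) = (1 + m*N) * r^N mod N^2, with random r."""
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Private-key step, run only by the key holder."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def enroll(template):
    """Store Enc(x_i) per feature plus Enc(sum of x_i^2)."""
    return [encrypt(x) for x in template], encrypt(sum(x * x for x in template))

def encrypted_distance(enc_x, enc_sum_x2, probe):
    """Matcher side: needs only N and ciphertexts, never PHI or MU.
    Enc(sum (x-y)^2) = Enc(sum x^2) * prod Enc(x_i)^(-2*y_i) * Enc(sum y^2)."""
    acc = enc_sum_x2
    for c, y in zip(enc_x, probe):
        acc = acc * pow(c, (-2 * y) % N, N2) % N2  # adds -2*x_i*y_i
    return acc * encrypt(sum(y * y for y in probe)) % N2

def verify(record, probe, threshold=50):
    """Key holder decrypts only the score; threshold is an assumed value."""
    return decrypt(encrypted_distance(*record, probe)) <= threshold

if __name__ == "__main__":
    record = enroll(ENROLLED)
    print("genuine accepted:", verify(record, GENUINE))
    print("impostor accepted:", verify(record, IMPOSTOR))
```

Only the distance score is ever decrypted, so a compromise of the matching server alone yields ciphertexts rather than templates.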
On top of that, quantum computing, which is now becoming fairly accessible, is forecast to be able to crack encryption keys much faster than previously conceived. Researchers at the University of Sussex estimated in February 2022 that a quantum computer with 1.9 billion qubits could essentially crack the encryption safeguarding Bitcoin within a mere 10 minutes. Just 13 million qubits could do the job in about a day. We are still not close to this speed, as the strongest quantum computer by IBM currently delivers 433 qubits, which means it will still take 4.7 years to crack such a key, but they are doubling to tripling their qubits every year (127 qubits in 2021, 433 qubits in 2022, 1000 qubits expected by end of 2023). However, the 4.7 years is lightyears faster than regular computing, which even with hundreds of powerful computers working on a single private key would still take millions of years to crack. More recently, in December 2022, researchers published a paper describing a methodology to break the RSA algorithm using a quantum machine with only 372 qubits, which is available today.
TOKENIZATION
Biometric data tokenization implements a one-way hash or one-way encryption to make the data non-usable to
an attacker. Tokenized data can be used to support both identification and verification use cases.
ENCRYPTION
Mathematically transforms plain information into cipher representation using an encryption algorithm and key
Scales to large data volumes with just the use of a small encryption key to decrypt data
Can be used for structured fields, as well as unstructured data such as entire files
Ideal for exchanging sensitive data with third parties who have the encryption key
TOKENIZATION
Randomly generates a token value for plain text and stores the mapping in a database
Difficult to scale securely and maintain performance as database increases in size
Used for structured data fields such as payment card or Social Security numbers
Difficult to exchange data since it requires direct access to a token vault mapping token values
DECENTRALIZATION
Device-based biometric decentralization
Device-based biometric decentralization means the biometric data remains on the devices in a holistic template form. This is the approach used for FaceID and TouchID, and with FIDO authenticator USB devices. Biometric credit cards and other physical cards like the Arculus card introduced by CompoSecure are using this approach as well. With this method, the biometric data is stored in a secured enclave on the device and is well protected.
Network-Based Decentralization
Securing the keys
Securing the matching
Eliminating the identity gap
Supporting multiple use-cases
Biometric algorithms agility
Simplifies regulation compliance