Biometric System Security and Attacks
A biometric system is a technology that extracts information out of biological or behavioral patterns of a person to recognize a particular person. To propose new approaches or to increase the performance and the accuracy of the existing system, one has to understand the primary biometric system, the parameters used in its making, types of errors, biometric scenario, biometric characters used for an application, limitations of the system and modern approaches. Any biometric machine is not optimal. There will always be a need for enhancing and improving the accuracy and the performance of the biometric system.
Attacks in biometrics
Biometric system is subjected to many malicious attacks which can be performed by various forms of threats. Malicious attacks on a biometric machine are a security concern and degrade the system's performances. Biometric system has various limitations like spoof attacks, noisy sensor data, interclass variations, and interclass similarity, etc.
The high attacks are relevant to any biometric system which is to be analyzed, and countermeasures are to be taken while designing the biometric system. The different attacks in biometrics systems are as follow:
Fake Biometric: With the advent of modern technologies, various hackers nowadays give a fake biometric sample to a sensor to get access to the biometric system. Fake face masks, false fingerprint made from silicon, the lens on an iris, etc. are few such malicious attacks on the sensor.
Replay Attack: In this attack, the data stream which is contained in the biometric system is injected between the sensor and the processing system. A replay attack can be of two to three stage process. It first intercepts or copies the sensor transmission, then it modifies or alters the information, thus finally replaying the data.
Spoofing the Feature set: The replacing of the feature set with fake or altered features are called spoofing of data. These types of spoofing attacks are typically used to attack various networks, spread malware and to gain confidential information.
Template Tampering Attack: A template represents a set of salient features that summarizes the biometric data (signal) of an individual. The templates can be modified to obtain a high verification score, no matter which image is presented to the system. The templates which are stored in the database can be replaced, stolen or even can be altered. Thus, bringing the system down by making the score low for legitimate users. The template-generating algorithms have been viewed as one-way algorithms.
Overriding Yes/No response: An inherent error prevailing in your biometric systems is that the result of the system is always a binary response, Yes/No (i.e., either match/no match). In other words, there is still a fundamental disconnecting between the biometric and applications, which make the system, open to potential attacks.
Trojan horse attack: In Trojan horse attack the feature extractor is itself replaced to produce the desired features and to add on those features in the existing database. The spoof detection technology has become a crucial part of a biometric system as with an increasing concern for security, the biometric attacks are to be identified, controlled and minimized. Researchers are developing various new approaches for a secure biometric system.
Masquerade attack: It was demonstrated that a digital "artifact" image could be created from a fingerprint template so that this artifact is submitted to the system, will produce a match. The object may not even resemble the real image. This attack poses a significant threat to the remote authentication machines. Since a hacker does not even have to bother to obtain a valid biometric sample, all he needs is to get access to the templates stored on a remote server.
Security aspects of a biometric system
Complex systems are exposed to multiple possible vulnerabilities, and the ability to exploit a given vulnerability is dependent on a chain of requirements. Weaknesses vary in severity and may be protected against by various countermeasures, such as supervision of enrollment or verification, liveness detection, template anonymization, cryptographic storage and transport, and traditional network security measures. The security requirements of biometrics are non-repudiation, confidentiality, authenticity, integrity, and availability. The detailed information about the security requirements are given below:
Confidentiality: Confidentiality is the property that protects your information against unauthorized access or disclosure. In biometric systems, a biometric reference stored in a biometric database during the enrollment process is transmitted to a comparison subsystem for the verification and identification process.
During this process, the biometric reference may be accessed by unauthorized entities and can be read or the binding to its identity information may be revealed. Unauthorized disclosure of data may cause critical privacy threats since biometrics are sensitive. The confidentiality of stored and transmitted biometric data can be obtained from access control mechanisms and various forms of encryption techniques.
Integrity: Integrity is the property of safeguarding the accuracy and completeness of assets. The integrity of a biometric reference is critical to the assurance of overall biometric system security. The integrity of the authentication process is dependent on the integrity of the biometric reference. If either the biometric reference or the captured and extracted biometric feature is untrustworthy, the resulting authentication will also be untrustworthy. Unreliable biometric references or samples could occur for one or more of the following reasons:
Availability: Data Center (DC) replication is implemented in the Aadhar system, and the resident data is available at two of the data centers. The application servers are hosted on both these data centers for handling transaction requests (authentication/e-KYC). Thus, the availability of UIDAI hosted services is ensured through redundancy in equipment and component level. Restricted access is enabled only through the authorized entities via leased lines or MPLS connectivity to the data, and there is no direct link given to any third party entities.
Non-repudiation: It is the identification of dedicated resources such as entities and components. It is also seen as a liability. For example, it forbids a recipient or a sender of biometric data from denying having sent or received biometric information.
Authenticity: It refers to the state or the quality of being pure, genuine, or original, rather than being duplicated. The data is only considered authentic when it was in the same state and condition when it was produced, stored, or transmitted. In a biometric system, there are two types of authenticities ? data origin authenticity and entity authenticity. Data origin authenticity ensures the genuineness and originality of the information. For example, the biometric data is captured with sensor devices. The obtained evidence that came from a suitable sensor is not spoofed from a previous recording. The entity authenticity confirms that all entities involved in the overall processing are the ones that they claim to be.