Cancelable Biometrics -- Outsmarting Gummy Bear Attacks and Enhancing Privacy
The Associated Press is reporting today on the use of sophisticated algorithms to alter biometric snapshots to provide an extra layer of protection against breaches of biometric authentication systems, with the added benefit of limiting the potential invasion of privacy that such systems may represent.
Biometric authentication systems rely on the reduction of a scanned image of an individual's body parts (e.g., fingerprints, eyes, facial characteristics) into a computer file, which can then be checked against a future scan when the individual accesses a secured environment. Although more difficult to hack than many traditional authentication systems, biometric systems do have vulnerabilities, as any viewer of the television show 24 knows (see, e.g., Season 1, Episode 2). Note: If you're squeamish about references to severed fingers, apparently a perfectly serviceable substitute is a finger made of gummy bears.
The AP article details a proposal from IBM that it calls "cancelable biometrics", wherein the biometric reader would distort the image being scanned while it is in the process of being scanned (examples here). Rather than storing a faithful representation of the particular biological feature being scanned, the system would store a digital file of the distorted image. Later, when the same individual accesses the system again, the reader would again distort the image during scanning, and the two distorted images would be compared for authentication. (For techies, the types of transforms proposed by IBM include grid morphing and block permutation). While this extra security would not necessarily address all types of attacks, it is a helpful additional layer. Perhaps more importantly, in addition to the security aspects, the proposal also helps address certain privacy concerns that biometric systems raise. As explained by the IBM researchers:
One such concern is the public’s perception of a possible invasion of privacy. In addition to personal information such as name and date of birth, the user is asked to surrender images of body parts, such as fingers, face, and iris. These images, or other such biometric signals, are stored in digital form in various databases. This raises the concern of possible sharing of data among law enforcement agencies, or commercial enterprises.
With cancelable biometrics, the original biometrics data would never be retained.
Posted by Lance Koonce