posted on 2010-03-16, 11:21authored byRaphael C.-W. Phan, John N. Whitley, David Parish
This work aims to highlight the fundamental issue surrounding biometric security
systems: it's all very nice until a biometric is forged, but what do we do after that? Granted,
biometric systems are by physical nature supposedly much harder to forge than other factors
of authentication since biometrics on a human body are by right unique to the particular human
person. Yet it is also due to this physical nature that makes it much more catastrophic
when a forgery does occur, because it implies that this uniqueness has been forged as well,
threatening the human individuality; and since crime has by convention relied on identifying
suspects by biometric characteristics, loss of this biometric uniqueness has devastating consequences
on the freedom and basic human rights of the victimized individual. This uniqueness
forgery implication also raises the motivation on the adversary to forge since a successful
forgery leads to much more impersonation situations when biometric systems are used i.e.
physical presence at crime scenes, identi cation and access to security systems and premises,
access to nancial accounts and hence the ability to use the victim's nances. Depending on
the gains, a desperate highly motivated adversary may even resort to directly obtaining the
victim's biometric parts by force e.g. severing the parts from the victim's body; this poses
a risk and threat not just to the individual's uniqueness claim but also to personal safety
and well being. One may then wonder if it is worth putting one's assets, property and safety
into the hands of biometrics based systems when the consequences of biometric forgery far
outweigh the consequences of system compromises when no biometrics are used.
History
School
Mechanical, Electrical and Manufacturing Engineering
Citation
PHAN, R.C.-W., WHITLEY, J.N. and PARISH, D.J., 2009. On the design of forgiving biometric security systems. IN: Proceedings of the Workshop on Open Research Problems in Network Security (iNetSec '09), Zurich, Switzerland, April 23-24, pp. 1-8
This is a conference paper, the original publication is available at www.springerlink.com, further information can be obtained from http://dx.doi.org/10.1007/978-3-642-05437-2_1