Biometric identification systems. What risks for our privacy?

Films like Star Wars, Mission Impossible or Matrix, to mention the most famous, have always showed us scenes where personal identification, especially to access reserved areas, is verified by means of voice or some other physical traits. Science fiction? Not always.

Biometric identification, this is its name, is a computer-controlled analysis that identifies an individual by measuring some biological traits scanned by sensors and by matching them with the data stored in a database.

Historically, biometric identification dates back to 1870 when a Frenchman, Alphonse Bertillon, started to use it in a Paris prison for registering and identifying all detainees. Today, biometrics is strongly increasing and the integration of biometric technologies in mobile devices is helping this sector significantly. According to a study by Acuity Market Intelligence, mobile biometric systems' turnover will reach in 2020 33.3 billion USD, with 4.76 billion of mobile devices enabled to biometric detections. This technology is now used to control physical and logical access and, since 9/11 2001, has been increasingly used also in police checks (e.g. airports).

Different types of biometric measurements

Biometric measurements can be divided into two categories: 1) physiological and 2) behavioural.  Here are a few examples of physiological measurements, that are based on physical traits of an individual:

• DNA matching
• Ear recognition
• Iris/retina recognition
• Face recognition
• Fingerprint/finger geometry recognition
• Vein recognition
• Odour recognition

Here are some examples of behavioural measurements:

• Typing and signature recognition
• Voice/Speaker recognition
• Gait recognition

Main concerns on privacy and biometric technologies

Like all personal data collections, biometric technologies may also raise issues concerning the protection of privacy. Firstly, many biometric technologies can detect medical illnesses.

Vein recognition can, in fact, detect potential vascular diseases, while some kinds of fingerprint recognitions can show chromosomal diseases. Behavioural measurements can lead to the same issues, as well: gait recognition, or typing and signature recognition, could show signs of a neurological disease, as well as identifying a person.

The concerns about privacy can be divided into three groups:

• identification beyond purpose: mere purpose of identifying a person is distorted and his/her health conditions are revealed
• undesired purpose: recognising a person who did not want to be identified
• hidden identification: a person is identified without knowing

However, the main issue on privacy seems the concern that people have of not being informed about the use of these technologies.  During Super Bowl XXXV authorities used the face recognition measurement through monitoring cameras on approximately 100,000 people matching instantaneously their facial features with a database of suspected terrorists and criminals. A broad debate raised between personal privacy's supporters and public security's supporters.

Biometric templates: how our privacy and identity are protected

A biometric template is a representation of an individual's unique traits; issues about privacy arise when biometric templates are stored without precautions in a central database or directly on a device. The risk is clear: if an attacker gets hold of some biometric templates, can then embody the real biometric template's user, committing identity theft.

One of the key points of biometric identification is that biometric templates cannot be updated or renewed; if a password is discovered a new one can be generated among endless possibilities; however, an individual has only 10 fingers, 2 eyes and 2 ears.  The technologies protecting the biometric templates are called Biometric Template Protection. As biometric characteristics are immutable, when a biometric template is stolen, that characteristic is compromised for good. However, Cancellable Biometrics allows to revoke a compromised biometric template, as if it was a stolen password.

Cancellable Biometrics consists of providing an intentional, systematic and repeatable distortion in order to protect sensitive user's data. For example, if a "cancellable" characteristic is stolen, the distortions provided are modified and remapped to a new template, which will replace the one that has been compromised. The advantage of "cancellable biometrics" is protecting user's privacy, as the real biometric data are not revealed during authentication.  The distortion provided, evidently, must be non-invertible because it is necessary to prevent the recovery of original biometric data from the one that have been modified.

Another kind of template's protection is the so-called Biometric Cryptosystem based on protection provided by cryptographic keys. In this system, there is no direct matching between biometric templates, as the comparison between biometric data comes indirectly from the validation of the keys.

So what is better: biometric technologies or a password?

Most of us use biometric technologies every day, as showed in the following examples:

• iPhone 5s introduced a sensor for fingerprint recognition in 2013. There is no need to remember a PIN, the mobile phone can be unlocked simply by a finger
• many Bluetooth pairing systems in cars use voice recognition to select a contact from the address book and to make a call by saying his/her name
• many graphics software and technologies used to manage pictures on social networks provide facial recognition

With respect to security, is it better using biometric technologies or a standard password? Firstly, we need to say that biometrics is based on measuring some unique characteristics of the human body. This is its strength and its weakness. If a password is stolen, it can be quickly replaced with a new one, while if biometric data are stolen, an individual cannot modify his/her fingerprints or iris.

Certainly, physical characteristics on which biometric data are based go wherever an individual goes, allowing him/her to disregard dozens of passwords or PINs and all the services to which they are related. As there is no technology 100% safe, even biometric systems are not flawless.

In fact, they must cope with eventual changes in users' characteristics, like a wound on the face; therefore they need a kind of recognition thresholds, which the providers of such technologies call False Acceptance Rates (FAR) and False Rejection Rates (FRR).

However, passwords and biometrics are not opposites, in fact can complement each other. Based on the security level desired when accessing, these two technologies can work together, by using a PIN for identifying an individual and a biometric technology for the next authentication.