I’ve pointed out before that biometrics are not a good path to follow to avoid the obvious and growing issues with authentication using passwords.
Many biometrics suffer from being easy to spoof: pictures of someone’s iris, appropriately embedded in a background, can fool iris readers; a sheet of clingfilm can often cause a fingerprint reader to ‘see’ the last real fingerprint used on it; and so on.
But there’s a more pervasive problem with biometrics. The fact that a biometric is something you are is, on the one hand, a positive because you don’t have to remember anything, and wherever you go, there you are.
But, on the other hand, a biometric cannot be changed, and this turns out to be a huge problem.
Suppose you go to authenticate using a biometric. The device that captures your biometric must convert it to something digital, and then compare that digital value to a previously recorded value associated with you.
There are two problems:
- For a while, the device has your biometric data as plaintext. It may be encrypted very close to the place where it is captured, but there is a gap, and the unencrypted version can potentially be grabbed in the gap. There is always a temptation/pressure to use low-power sensors for capture, and they may not be able to handle the encryption.
- The previously recorded values must be kept somewhere. If this location can be hacked, then the encrypted versions of the biometric can be copied. These encrypted versions can then be used for replay attacks.
Of course, there are defences. But, for example, if e-passports are to be used to enter multiple countries, then they must use the same repertoire of encryption techniques so that passports from multiple countries can be read by the same system. So it’s not enough to say that using different encryptions to map the biometric plaintext to its encrypted versions will prevent these issues.
And if one person’s encrypted biometric is stolen, there’s no practical way to update the systems that rely on it (since they must continue to use the same mapping so that everyone else’s biometrics will still work). More importantly, there’s no way to issue a fresh identity for the person whose data was stolen (“Go and have plastic surgery so that we can restore your use of facial recognition”).
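To make the replay problem in the second bullet concrete, here is an added example (not code from the original post) of a verifier that accepts a copied protected template, beside one that demands a response bound to a fresh nonce. The keys, the trait bytes, the exact-match comparison and the HMAC stand-in for "encryption" are all assumptions made for illustration; nonce binding is one common defence, not one the post names.

```python
import hashlib
import hmac
import secrets

# Constructed sample values: stand-ins for a system-wide template key, a
# per-sensor key, and the digitised trait. Real matching is fuzzy, not exact.
SYSTEM_KEY = b"constructed-system-key"
DEVICE_KEY = b"constructed-sensor-key"
TRAIT = b"constructed-iris-features"


def protect(trait: bytes) -> bytes:
    """Deterministic keyed transform standing in for the 'encrypted' template."""
    return hmac.new(SYSTEM_KEY, trait, hashlib.sha256).digest()


def sensor_response(nonce: bytes, template: bytes) -> bytes:
    """What a genuine sensor sends: MAC over nonce and template under its key."""
    return hmac.new(DEVICE_KEY, nonce + template, hashlib.sha256).digest()


class StaticVerifier:
    """Accepts whoever presents the stored protected template."""

    def __init__(self, enrolled: bytes):
        self.enrolled = enrolled

    def verify(self, submitted: bytes) -> bool:
        return hmac.compare_digest(submitted, self.enrolled)


class NonceVerifier:
    """Requires a response bound to a fresh, single-use nonce."""

    def __init__(self, enrolled: bytes):
        self.enrolled = enrolled
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def verify(self, response: bytes) -> bool:
        nonce, self.pending = self.pending, None  # one attempt per nonce
        if nonce is None:
            return False
        return hmac.compare_digest(response, sensor_response(nonce, self.enrolled))
```

The nonce stops a copied template or a captured response from being accepted later, but it does nothing for the revocation problem: `protect(TRAIT)` yields the same value at every enrolment because neither the trait nor the shared mapping can change.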