| Home - Topics - Papers - Theses - Blog - CV - Photos - Funny |
Are biometrics good for determining whether a digital identity uniquely represents a real person?
Break this down:
Biometric authentication is practical, and not necessarily a privacy disaster. Biometric template only needs to be stored on the device, …
But biometric identity also needs a uniqueness test.
Priorities: Don’t Feed the Surveillance Capitalists
“Entities”
the cold inhumanness of typical Silicon Valley thinking. People are mere entities with no special place in the world, just like companies, gadgets, or bots. People are just objects to be abstracted, derived, polymorphically referenced, and iterated over. From the Silicon Valley perspective, all the software you build is more powerful and general, and hence better, if it doesn’t know or care whether the objects it manipulates are people, bots, or anything else. But I’ll let you in on a secret: real people do care.
Call us speceist or something, but I’m with Tim Cook…
XXX
And the first and most critical step in ensuring that technology serves humanity is to ensure that the technology we build can distinguish humanity from inhumanity.
Relevant security properties:
The first two should be obvious, but what about the third?
A key goal in most identity schemes is to ensure that no person can register multiple “Sybil” identities, e.g., to vote multiple times in an election, or to collect state-supplied benefits multiple times. Collecting two or three or more times the amount of benefits you’re entitled to is appealing to fraudsters pretty much regardless of what kind of benefits we’re talking about.
But can biometric identity systems enforce identity uniqueness? Do currently-deployed biometric identity schemes test for uniqueness?
There are many proposed and a few implemented approaches to biometric identity and I won’t pretend to be familiar with them all, but let’s look at one example: India’s Aadhaar system [xxx]. I choose this example not because I have any reason to believe it to be better or worse than any other proposed approach I’m aware of, but merely because of its large-scale deployment, having already been used to register more than 1.1 billion people [xxx].
Privacy challenges:
Aadhaar device certification requirements for fingerprint and iris authentication.
requires
<2% FRR ... at FAR of 0.01%'' for fingerprint and FRR < 1% at FAR of 1 in 1,00,000’’ for iris scanning.
(Note that the 1,00,000'' is *not* a typo for 1,000,000, but rather is one lakh’'
or 100,000 expressed in the
Indian numbering system).
could go full Gattaca with genetic sequencing – but even genetic testing is still imperfect (XXX false criminal conviction case). And even ``perfect’’ genetic uniqueness testing would still yield false positives in the not-so-uncommon case of identical twins.
Biometric Identification of Identical Twins: A Survey On the similarity of identical twin ngerprints Fingerprint Recognition with Identical Twin Fingerprints
twins and face recognition: Can Biometrics ID an Identical Twin? Notre Dame researchers put face-recognition software to the “torture test”: genetically identical people
twins and body veins: A Study of Similarity between Genetically Identical Body Vein Patterns
A Study of Identical Twins’ Palmprints for Personal Authentication
With enough different biometric factors in combination (fingerprint, iris, face, hand, genes, rectum), …
Probing the Uniqueness and Randomness of IrisCodes: Results From 200 Billion Iris Pair Comparisons
Man seeks Aadhaar twice, gets stuck with fake name
number of unique types of devices, companies certified devices
(fake hands, faked liveness tests, …)
spoofing:
Chaos Computer Club: Iris Biometrics Can be Spoofed Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos
How to Generate Spoofed Irises From an Iris Code Template
Hackers Spoof Samsung Iris Scanners With A Photo And Contact Lens Cosmetic Contact Lenses and Iris Recognition Spoofing Detection of Contact-Lens-Based Iris Biometric Spoofs Using Stereo Imaging A REVIEW OF COSMETIC CONTACT LENS DETECTION IN IRIS IMAGES
On Iris Spoofing using Print Attack
liveness detection:
Biometric Liveness Detection: Challenges and Research Opportunities
Iris mage reconstruction from iriscodes: Iris Image Reconstruction from Binary Templates (non-paywalled preprint)
XXX Recently, several researchers have addressed the problem of generating differ- ent synthetic biometric traits such as iris [11, 12, 13, 14, 15], fingerprints [16], signature [17, 18], face [19], handwriting [20], and voice [21].
SIC-Gen: A Synthetic Iris-Code Generator SYNTHESIS OF IRIS IMAGES USING MARKOV RANDOM FIELDS
Synthesis of Large Realistic Iris Databases Using Patch-based Sampling
But a Sybil attacker’s goal is not to mimic another person’s biometric, but rather just to be different from those of other real people. …
fingerprint reconstruction: Learning Fingerprint Reconstruction: From Minutiae to Image
Can even synthesize fingerprints that falsely authenticate as two different people: On the Feasibility of Creating Double-Identity Fingerprints
Deepfakes trend…
Template theft, usage for impersonation.
Cross-correlation for tracking, surveillance.
Biometric Template Protection: Bridging the Performance Gap Between Theory and Practice
“practical template protection schemes neither have proven non-invertibility/non-linkability guarantees nor do they achieve satisfactory recognition per- formance. This explains why despite 20 years of research, operational biometric systems do not go beyond encrypting the template using standard encryption techniques and/or storing them in secure hardware.”
“The main limitation of state-of-the-art template protection techniques is the trade-off between recognition performance and the level of security offered by them.”
Biometric Template Protection: Bridging the Performance Gap Between Theory and Practice
Protection of Privacy in Biometric Data
Template protection approaches assume an attacker compromises only a database containing already-protected template information. But if the attacker compromises any one device that a victim ever uses, even just once, to authenticate, then the attacker can capture the ``raw’’ template before any template protection is applied. The single compromised device problem again.
OPM Hack Attack Saw Breach of 5.6 Million Fingerprints
Unique Identification: Inclusion and surveillance in the Indian biometric assemblage
Protection of Privacy in Biometric Data
key generation: Biometric-Iris Random Key Generator Using Generalized Regression Neural Networks
| Bryan Ford |