by Bernhard Strobl (Austrian Institute of Technology, AIT) and Margherita Natali (United Nations)
This article will give an insight into some key problems and related solutions concerning the implementations of a privacy-preserving biometric matching system. We propose three by-design possibilities, strictly in compliance with human rights and data protection regulations, to improve the security of authentication systems: contactless fingerprint scanning, use of a distributed ledger system for biometric matching, and homomorphic encryption. These technical solutions would potentially constitute a step forward for governmental use of authentication procedures under the international security agenda while supporting ethically aligned design principles.
Identity management represents one of the key items on national and international security agendas. In the private domain the use of own identity is predominantly used for granting access in basic and common transactions or actions, whereas governments, in the public domain, more often implement such systems to manage social phenomena such as migration or the illicit activities of organised criminal groups. One of the most common uses of identity management on the global scale is the authentication of official identification documents (e.g., identity cards, passports, driver’s licences, and other civil-registry-issued certifications) to monitor and facilitate the legitimate movement of individuals.
Authentication processes can be built upon three basic and very distinct pillars:
- What is known (password, passphrase, PIN, etc.)
- What is available (key, card, stick, document, QR Code, sign, etc.)
- Who the person is (biometrics: DNA, face, fingerprint, iris, veins, etc.)
Sometimes a combination of these pillars is chosen to perform a secure authentication. Depending on the application, different interests may shape the technological choice. For instance, in the case of a commercial service, the need for a speedy and seamless process is prioritised over other interests. Under the public agenda, the authentication procedures used may vary among, for instance, the granting of socio-sanitary services, the exercising of civil rights (e.g., voting), and the implementation of security policies (e.g., preventing terrorism and organised crime, etc.).
The development of advanced biometric technologies that can ensure compliance with Human Rights and data protection regulations and offer reliable outputs, represents an imperative and an opportunity to increase the efficiency of and trust towards the use of authentication procedures.
The scope of this article is to discuss three possible technical solutions to the threats posed to authentication procedures and assess the impact of their implementation by governments in the field of international security [1].
- Two of the most threatening attack vectors addressing governmental biometric authentication systems are:
- Presentation Attack (PA): The attacker presents stolen or replicated biometric samples to the acquisition system to perform the authentication. In order to contrast these attacks some PA-detection (PAD) techniques are available. Another form of face spoofing is embodied by morphed pictures (morphing), which are purposefully difficult to distinguish from the original for the officer or the system performing the authentication.
- Infiltration and data interception of server systems: A biometric database is leaked, either by directly hacking the server system or by intercepting the data in the transmission path. In both cases, a potential attacker gets access to biometric data that can be duplicated, counterfeited, illicitly stored, analysed, etc.
A valid model to overcome such threats
- is a combined approach of reliable systems
- can perform the authentication through a distributed ledger
- can be used in combination with homomorphic encryption methods.
As the current tests show, contactless biometric systems (a), those using fingerprints in particular, have over a 98% rate of successful performance [2]. The efficiency of these systems relies on their neutrality of performance towards dry or wet fingers resulting in the collection of high-quality images; and the fast response, which ultimately improves the end-user experience. Compared to previous touch-based technologies, a three-dimensional spoof of accurate fingerprint minutiae data for four fingers presented at once, is extremely hard to achieve. Additionally, PAD methods for fingerprint spoofs in the 3D domain are much easier to detect. Under this perspective, the possibility of a more accurate collection and sharing of biometrics performed by designated authorities under the national security agenda and in full respect for human rights and applicable data protection regulations, could offer wide potential for improvement of the interoperability and systematisations between national systems and international dedicated databases.
The correlation between technologies and Human Rights is more often at the centre of the debate surrounding the use of biometrics. A biometric matching service, where a server system – by design – cannot be compromised thanks to a distributed ledger system, constitutes a tremendous step forward to a more secure and reliable process (b). Trust, according to these features, is built by using several computational nodes/ledgers verifying a “transaction” located at different premises. Compromising one system would trigger alarms. Such architecture, especially if implemented in a multi-party computational matching system, is by-design offering greater guarantees that the biometric data is processed in an exhaustive privacy-preserving manner. Accordingly, the concrete data-processing actions are performed on a fragmented part of the data and none of the servers nor the transmission lines reveal or have access to the entirety of the data. In this sense, such a feature, if adopted by national entities in their biometric authentication procedures and exchange of outputs with the international community, would exponentially increase the compliance of such mechanisms with human rights and data protection regulations, which, in turn, will also increase their reliability and related social confidence.
Finally, studies show that the most secure privacy-by-design principle would be the use of homomorphic encryption (c) [3], which would decrease to the minimum the risks of infiltration of the server and, in combination with the other two above-described features, would eradicate the risk of errors in authentication procedures. Therefore, it could be concluded that technologies, together with adequate policy and legal frameworks, could not only support the work of governments to maintain security and promote Human Rights, but also facilitate it through respective design.
References:
[1] United Nations Security Council Resolutions 2396 (2017) and 2482 (2019), in particular, with Res. 2396 (2017) Member States are required by the UN Security Council to adopt national biometric systems to monitor the cross-border movement of people.
[2] A. Torres, “Interoperability Assessment 2019: Contactless-to-Contact Fingerprint Capture”, NISTIR 8307. https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8307.pdf
[3] W.A.A. Torres, N. Bhattacharjee, B. Srinivasan, “Privacy-preserving biometrics authentication systems using fully homomorphic encryption”, in Int. Journal of Pervasive Computing and Communications, Vol. 11 No. 2, pp. 151-168, 2015. https://doi.org/10.1108/IJPCC-02-2015-0012
Disclaimer:
The contribution to this article was made – free of compensation - in Margherita Natali’s private capacities as a researcher and subject matter expert on the legal frameworks applicable to the processing of biometric data for public purposes. The reference materials used in this publication, including their respective citations, do not imply the expression of any opinion whatsoever nor the official endorsement by the United Nations. Any information that may be contained in this publication emanating from actions and decisions taken by States does not imply recognition by the United Nations of the validity of the actions and decisions in question and is included without prejudice to the position of any Member State of the United Nations.
Please contact:
Bernhard STROBL, Austrian Institute of Technology (AIT)
