Biometrics Concise Tutorial
Biometric System Security
The operation of a biometric system depends heavily on its input devices, which are subject to operational limitations. At times, the devices themselves may fail to capture the necessary input samples, or may not capture them sufficiently. This makes the system unreliable and vulnerable.
The more vulnerable a biometric system is, the more insecure it is.
Biometric System Vulnerability
There are two major causes of biometric system vulnerability −
System Failures
There are two ways in which a biometric system can fail to work −
- Intrinsic failures − These are failures such as non-working sensors or failures of the feature extraction, matching, or decision-making modules, etc.
- Failures due to attacks − These are due to loopholes in the biometric system design, availability of any computations to the attackers, insider attacks from unethical system administrators, etc.
Risks with Biometric System Security
The security of a biometric system is important because biometric data is not easy to revoke or replace. The following are the prominent risks regarding the security of biometric systems −
Risk of User Data Being Stolen
If the biometric system is vulnerable, a hacker can breach its security and collect the user data recorded in the database. This creates more hazards to privacy.
Risk of User Data Getting Compromised
After acquiring the biometric sample, the hacker can present a fake sample to the system. If user data is compromised, it remains compromised forever. The obvious reason is that a user has only a limited number of biometrics, and they are difficult to replace, unlike passwords or ID cards.
Though biometric data is encrypted when stored, it needs to be decrypted for matching. At the time of matching, a hacker may breach the security.
Biometric System Security
A number of solutions are proposed to address the biometric system security issue. Biometric templates are never stored in the raw form. They are encrypted; sometimes even twice.
In the case of biometrics, there are various resources involved such as humans (subjects or candidates), entities (system components or processes), and biometric data (information). The security requirements of confidentiality, integrity, authenticity, non-repudiation, and availability are essential in biometrics. Let us go through them briefly −
Authenticity
It is the quality or the state of being pure, genuine, or original, rather than being reproduced. Information is authentic when it is in the same state and quality as when it was created, stored, or transferred.
There are two authenticities in a biometric system − entity authenticity and data origin authenticity. Entity authenticity confirms that all entities involved in the overall processing are the ones they claim to be. Data origin authenticity ensures the genuineness and originality of data. For example, biometric data is captured with sensor devices; the captured data must have come from a genuine sensor and not be spoofed from a previous recording.
Confidentiality
It means limiting information access and disclosure to authorized users and preventing access by or disclosure to unauthorized people. In the case of a biometric system, it mainly refers to biometric and related authentication information, which needs to be kept secret from unauthorized entities when it is captured and stored.
The biometric information should be completely accessible only to the person it belongs to. During identification and verification, the accessing candidate needs to be restricted with appropriate security measures.
Integrity
It is the condition of being complete and unaltered, and it refers to consistency, accuracy, and correctness. For a biometric system, the integrity should be high. Any malicious manipulation during operation and storage should be prevented or detected as early as possible, with notification and correction included.
Non-repudiation
It is identification of involved resources such as entities and components. It is also seen as accountability. For example, it prohibits a sender or a recipient of biometric information from denying having sent or received biometric information.
Availability
A resource has the property of availability with respect to a set of entities if all members of the set can access the resource. An aspect called reachability ensures that the humans or system processes either can or cannot be contacted, depending on user interests.
Attackers can make the system unusable for genuine users, thus preventing them from using authenticated applications. These attackers target the availability of the information.
Criteria for Generating Biometric Templates
Here are the criteria for generating biometric templates −
- Ensuring that the template comes from a human candidate and is captured by a genuine sensor and software.
- Securing a biometric template by encryption with irreversibility properties. This makes it difficult for hackers to compute the original biometric information from the secure template.
- Creating an unlinkable (unique) biometric template. A biometric system should not be able to access the template of the same candidate recorded in another biometric system. If a hacker manages to retrieve a biometric template from one biometric system, he should not be able to use this template to gain access through another biometric system, even though both verifications may be based on the same biometric template of the candidate. Further, an unlinkable biometric system should make it impossible to derive any information based on the relation between two templates.
- Creating a cancellable and renewable template. This emphasizes the ability to cancel or deactivate the compromised template and reproduce another one, in a similar manner to how a lost or stolen smartcard can be reproduced.
- The ‘renewable’ and ‘unlinkable’ characteristics are achieved through salting techniques. Salting adds randomly generated unique data known as ‘salt’ to the original information to make it distinct from the others.
- Designing the accuracy of the biometric system with respect to both FAR (false acceptance rate) and FRR (false rejection rate).
- Selecting a suitable encryption algorithm carefully. Some algorithms may amplify even small variations inherent in an individual’s biometric data, which can lead to higher FRR.
- Using an important encryption technique such as a hashing method, which is effective when a different permutation is applied with each template generation. Different permutations ensure the uniqueness of each template despite using the same input biometric data.
- Employing an effective protection scheme to elevate the performance of the system.
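The salting, renewability, unlinkability and FRR criteria above, shown as an added Python example that is not part of the original tutorial: a salted random projection turns a feature vector into a protected bit template, and a plain SHA-256 of the same sample is included for contrast. The feature vector, salts, template length and 20% match threshold are constructed assumptions, and `random` is used only as a deterministic expander for illustration, not as a cryptographic generator.

```python
import hashlib
import random

BITS = 256        # length of the protected template (assumed)
THRESHOLD = 0.20  # max fraction of differing bits accepted as a match (assumed)

def protect(features, salt):
    """Salted random projection: one bit per pseudo-random direction derived from the salt."""
    rng = random.Random(salt)  # same salt -> same directions; not a CSPRNG
    bits = []
    for _ in range(BITS):
        direction = [rng.gauss(0.0, 1.0) for _ in features]
        dot = sum(d * f for d, f in zip(direction, features))
        bits.append(1 if dot >= 0 else 0)
    return bits

def distance(a, b):
    """Fraction of bit positions in which two protected templates differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def matches(stored, probe_features, salt):
    """Protect the fresh capture with the current salt and compare to the stored template."""
    return distance(stored, protect(probe_features, salt)) <= THRESHOLD

def exact_hash(features):
    """Plain cryptographic hash of the sample: any capture noise changes the digest."""
    return hashlib.sha256(repr(features).encode()).hexdigest()

def demo():
    src = random.Random(1)
    enrolled = [src.uniform(-1, 1) for _ in range(64)]            # constructed feature vector
    recapture = [f + src.uniform(-0.05, 0.05) for f in enrolled]  # same trait, sensor noise
    salt_a = b"system-A/user-1/v1"   # constructed salts; real ones would be random
    salt_b = b"system-B/user-1/v1"   # same user enrolled in another system
    salt_a2 = b"system-A/user-1/v2"  # system A after cancelling and renewing
    tpl_a = protect(enrolled, salt_a)
    return {
        "same_user_same_system": matches(tpl_a, recapture, salt_a),
        "cross_system_distance": distance(tpl_a, protect(enrolled, salt_b)),
        "old_template_after_renewal": matches(tpl_a, recapture, salt_a2),
        "exact_hash_survives_noise": exact_hash(enrolled) == exact_hash(recapture),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The noisy recapture still matches under the original salt, while the template for another system or for a renewed salt sits near half the bits away, so a stolen template neither links the two enrolments nor matches after renewal. The exact SHA-256 comparison fails on the same noisy recapture, which is the amplification of small variations that raises FRR.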
A lot of research and development is being done towards the security and privacy of biometric data.