Biometric perils and patches

摘要

Biometrics authentication offers many advantages over conventional authentication systems that rely on possessions or special knowledge. With conventional technology, often the mere possession of an employee ID card is proof of ID, while a password potentially can be used by large groups of colleagues for long times without change. The fact that biometrics authentication is non-repudiable (hard to refute) and, yet, convenient, is among its most important advantages. Biometrics systems, however, suffer from some inherent biometrics-specific security threats. These threats are mainly related to the use of digital signals and the need for additional input devices, though we also discuss brute-force attacks of biometrics systems. There are also problems common to any pattern recognition system. These include “wolves” and “lambs”, and a new group we call “chameleons”. An additional issue with the use of biometrics is the invasion of privacy because the user has to enroll with an image of a body part. We discuss these issues and suggest some methods for mitigating their impact.