Step-by-Step Analysis of Why and How Biometrics Brings Down Security
This is a follow-up of my earlier post — “Reality that so many security experts opt to not speak”
- Biometrics is probabilistic; it measures unpredictably variable body features of living animals in ever changing environments.
- Therefore, biometrics does not escape the trade-off between False Acceptance (False Match/False Positive) and False Rejection (False Non-Match/False Negative), outline of which is shown in the graphs above.
- The presence of False Rejection forces a fallback measure to be pr-provided in case the correct user gets rejected.
- Biometrics and a fallback measure need to be used together in a ‘multi-entrance’ deployment, as against a ‘multi-layer’ deployment. The former increases the attack surface (= brings down defense), while the latter decreases it (=brings up defense).
- Unless a default password/PIN is invalidated not to work as a fallback measure (with availability sacrificed), the overall security is lower than that of the default password/PIN used on its own.
As such, it is not that biometrics is not so secure as it claims to be, but that biometrics destroys the defense which a default password/PIN has otherwise provided.
Key References
“What we need to do for NOT achieving Solid Digital Identity”
Removal of Passwords and Its Security Effect
Negative Security Effect of Biometrics Deployed in Cyberspace
External Body Features Viewed as ‘What We Are’
Additional References
For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)
What We Know for Certain about Authentication Factors
Digital Identity for Global Citizens
Image-to-Code Conversion by Expanded Password System
Summary and Brief History — Expanded Password System
Proposition on How to Build Sustainable Digital Identity Platform
Account Recovery with Expanded Password System
History, Current Status and Future Scenarios of Expanded Password System
Update: Questions and Answers — Expanded Password System and Related Issues
< Videos on YouTube>
Slide: Outline of Expanded Password System (3minutes 2seconds)
Digital Identity for Global Citizens (10minutes — narrated)
Demo: Simplified Operation on Smartphone for consumers (1m41s)
Demo: High-Security Operation on PC for managers (4m28s)
Demo: Simple capture and registration of pictures by users (1m26s)
Slide: Biometrics in Cyber Space — “below-one” factor authentication
