Skip to main content

The Problem with Biometrics


Biometrics is touted as the solution to all identity problems we have. It is like Manna from heaven that would solve all the problems associated with user IDs and passwords and tokens and make everyone so unique because of the fact that they have finger prints, retinas, face geometry, hand geometry, wrinkles on the face and whichever set of controls required to ensure that the person identifying himself is him/her.

However, this identity is under pressure from a set of technologies, that helps in recording it in such minute details that with advances in technology these could be replicated without much ado over time. Lets look at Cameras with super sensitive irises. These Cameras with high resolution sensors to the tune of 50 Mega Pixels announced recently by Canon and other Japanese Camera Leaders, makes you wonder, if your iris is protected at all. Can somebody take a shot of your iris or a shot of your fingers, make a copy of it and run away with your identity. It is a possibility and it is an area of concern to many of the developers as well as those who need to protect devices and physical protection using biometric devices.
The two pictures in this blog is to show the detail that you can expect from a simple camera, would not say who the iris belongs to for obvious reasons (Could be my Cat , Dog or my Hamster) and I also tried the same with the patterns in my fingers.These pictures are to show how much detail could be captured in a photograph.
                  
We are seeing three dimensional photographs, 3d scanners that are available in the open source domain as well
This also leads to the question about using Biometrics by the Government, Is the Government ready to protect this information, Do they need to collect this information at all, Is there not a possibility that your identity may get misused by a rogue government that have an agenda against elimination of dissent. What if they end up raking up evidence against you, the fact being that they have access to your information. This being unique, how can you take a different identity. Are we going to see a new trend of Cosmetic Surgeons, who would for a fee help you change your biometric identities. Liposuction, Tummy Tuck, Breast Augmentation and ofcourse Retina Change, Hand Geometry Swap, Finger Print Change services. We are moving into a new world of uncertainties.


It is of  major concern that you are scanned at entry into the United States, Retina Scan in some of the Gulf Countries and if the other countries start doing the same, For example any American from the USA (To be fair to Canadians and Mexicans and other countries of North America and South America) get scanned on entry into say Russia or China. Is there a guarantee that this information is secure? Would you trust a foreign Government with your only data that is indelible? Would the Chinese, Russians or Indians have trust that the data collected by the US immigration department will not be misused? You never know how this information can be misused? Every Government in this wide world may start scanning International travelers as a retaliatory measure and soon this data would become valuable.


In Information Security we say that the chain is as strong as the weakest link? Imagine a time when Biometrics are the only way to authenticate against systems. A rogue country may use this data to break into the systems of the attacked country. I will use the information I have collected to breach into the systems. It is pretty scary thinking about losing your identity. I have already lost it a few countries that already has my Iris Scans, Full hand geometry and scan of every finger in my body.

If possible under all circumstances, people should resist giving biometrics and biometrics being used as the only way to identify somebody. Would we not be implicated in crimes that we never performed because a mafia gang has a large set of stolen identities to perpetuate their crimes. Well well , Welcome to the new world!!!

Comments

Popular posts from this blog

Where are we headed ... A crystal ball into Cybersecurity in the next five years .. Are we ready?

  The future of Cyber Security: Trends and Predictions for the Next 5 years The field of cybersecurity is constantly evolving, and the threats are only getting more sophisticated. In the next five years, we can expect to see a number of trends emerge in the field of cybersecurity, including: The rise of artificial intelligence (AI). AI is already being used by cybercriminals to develop more sophisticated and targeted attacks. As AI continues to develop, it is likely that cybercriminals will be able to use it to even greater effect. The increasing use of cloud computing. Cloud computing has many benefits, but it also introduces new security challenges. Cloud-based data is often more vulnerable to attack than data that is stored on-premises. The growth of the Internet of Things (IoT). The IoT is connecting billions of devices to the internet, which creates a vast new attack surface for cybercriminals. IoT devices are often poorly secured, making them easy targets for attack. The shor...

Red Team Blue Team Exercises - A Roadmap to follow to test the efficacy of controls

  Scenario 1: Phishing Attack Red Team Playbook Day 1: Send out phishing emails to the blue team. Monitor the blue team's response. Day 2: Analyze the blue team's response and identify any vulnerabilities. Report the findings to the blue team. Blue Team Playbook Day 1: Train employees on how to identify and avoid phishing emails. Monitor for phishing emails. Day 2: Analyze the phishing emails sent by the red team. Identify any vulnerabilities in the organization's phishing detection and response processes. Develop a plan to improve the organization's phishing detection and response processes. Analysis The red team's phishing attack was successful in getting several employees to click on the phishing links. This shows that the organization needs to improve its employee training on phishing awareness. The blue team was able to identify and contain the phishing attack, but it took them several hours to do so. This shows that the organization needs to improve its phishi...

The Shifting Landscape of Knowledge and the Nobel Prize

Our recent conversation sparked some interesting thoughts about the prestigious Nobel Prize and the distribution of its recipients across the globe. Inspired by a user's search history, we delved into the fascinating patterns and potential implications of who gets recognized for groundbreaking achievements. The initial point of discussion centered on the user's search activity, which revealed an interest in various scientific and technological topics, as well as a specific search for "Nobel Prize winners by country." This led us to explore the geographical distribution of Nobel laureates, and a question arose: why does it seem that certain schools and countries, particularly in the West, have a higher representation? We considered several factors that might contribute to this observation: Historical Dominance in Science: Historically, Western nations have often been at the forefront of scientific research due to earlier investments and established infrastructure. V...