5 cybersecyrity methods for biometrics in Big Data systems

You can cheat both a fingerprint scanner on a smartphone, and a large big data system. Today we’ll talk about measures to ensure the information security of biometric data: multifactor authentication, protection of digital templates and multiple verification.

What is a biometric template and why is it needed in Big Data system

The biometric personal data template, which is generated during user registration in the biometrics system, is essentially a password for entering the environment. It is created during registration in the system, and with subsequent use, the current templates of biometric personal data are compared with a previously saved sample. Therefore, the digital template must be protected so that it cannot be stolen and faked. For this, cybersecurity for biometrics identifies 3 basic requirements for a biometric personal data template:

• irreversibility – the inability to recreate the original biometric data from the saved template by digital calculations or by generating a physical fake;

• distinguishability so that the information protection scheme of the template does not impair the accuracy of biometric recognition;

• cancellation – the ability to generate several protected templates from the same source biometric data in case one of them leaks. This will allow the Big Data system to recall and issue new biometric templates and prevent cross-matching between different biometric databases, while maintaining the confidentiality of user information.

How biometric templates are stored: 2 basic methods of protection

One of the elementary rules of information security states that passwords are never stored in pure form in information systems so that they cannot be directly looked at and misused. In practice, a hashing mechanism is used for this, when cryptographic algorithms create its encrypted mapping, which is written to the database. Similarly, biometric personal data after being digitized is masked for secure storage.

To make it impossible to fake biometric personal data according to the template, the following cybersecurity methods are used:

• transformation of biometric parameters when an irreversible function that changes them is applied to the source data. During authentication, the inverse transformation is performed and the recognition algorithms used in the system compare the current biometric personal data with the already transformed template.

• biometric cryptosystems that store only part of the information from the biometric template – a secure sketch, the data in which is not enough to restore the original sample. At the same time, the protected sketch contains the information necessary for identifying a person. Typically, a secure sketch is obtained using a cryptographic key and fuzzy logic functions. At the same time, the protected template contains both the biometric data and the cryptographic key. However, neither the key, nor the template of biometric personal data can be restored using only a protected sketch.

Other cybersecurity methods in biometrics

Another way to ensure information security in Big Data systems based on biometrics is through multiple verification. At the same time, it checks not only the biometric parameters of the identifiable person, but also compares this information with data from other sources. This suggests that digitalization will not be implemented locally within the framework of a separate Big Data system, but at the national level. For example, double verification involves reconciling a biometric template recorded in an electronic passport or visa with the biometric characteristics of the citizen being verified. A triple verification means an additional verification of two parameters with a digital template stored in the state biometric system. In this case, any attempt to forge an identity document is doomed to failure. Such a triple check is included in the recommendations of the International Civil Aviation Organization ICAO on the use of biometric systems. However, in practice this option has not been implemented in many places due to the lack of global biometric systems in most countries. So far, the most striking example of such a system can be called the Indian project AADHAAR based on MapR, Apache Hadoop and other Big Data technologies. But multiple verifications do not guarantee complete protection against misuse of biometric data, including leakage of such information, about which we

Multifactor authentication is a similar way to protect information in Big Data systems based on biometrics. At the same time, in order to confirm the identity, in addition to matching the current BDP to a previously saved template, another foreign key is used that is not tied directly to the verified biological parameters. For example, this may be the answer to a specific question. Such a measure will help to some extent reduce the risk of illegitimate use of modern machine learning technologies – Deep Fake, which allow you to generate realistic video and audio online.

Finally, since no biometric method can guarantee 100% recognition accuracy, modern Big Data systems work with a combination of several identification parameters. A combination of static and dynamic characteristics is used.