The recent widespread diffusion of biometrics-based recognition
systems is mainly due to the greater convenience, comfort and security they offer with
respect to traditional authentication methods based on passwords or tokens. In
fact, being derived from who a person is or what a person does, instead of from
what a person knows or what a person has, biometric data represent identifiers which
cannot be lost or forgotten, and represent irrefutable evidence linking a user
to his identity.
However, the use of biometric data in an automatic recognition
system also involves serious risks for their owners: if a biometric trait is somehow stolen or copied, it can be
difficult to replace it. Moreover, biometric data can contain sensitive information
regarding, for example, the users’ health or genetic background, which can be
used in an unauthorized manner for malicious or undesired intents. Furthermore, the
users' privacy can be compromised if cross-matching between different biometric databases is performed, in order to
track the enrolled subjects using their personal biometric traits. The aforementioned security and privacy concerns need to be
carefully considered when implementing a biometric recognition system, by providing
appropriate countermeasures to the possible attacks which can be perpetrated at
the vulnerable points of the system. Therefore some measures should be adopted
to enhance biometric data resilience against attacks, while
allowing the matching to be performed efficiently, thus guaranteeing acceptable
recognition performance.
Among the possible threats regarding users' privacy and security which have to be considered when
designing a biometrics-based recognition system, the unauthorized acquisition
of the stored biometric data is probably the most dangerous
one. Therefore, many solutions have been investigated in the recent past to secure biometric templates. Among them, cancelable biometrics approaches have
been introduced in. These techniques apply intentional non-invertible and
repeatable modifications to the original biometric templates. Specifically, a properly
defined cancelable biometrics should satisfy the following
requirements:
· Security: it should be impossible or computationally unfeasible to obtain
the original biometric template from the transformed one;
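
An added illustration, not part of the original text or of any scheme it cites: a key-seeded random projection followed by sign quantization, used here as one simple stand-in for a repeatable, many-to-one transform whose output can still be matched. The feature vectors, key strings and function names are constructed for the example.

```python
import random

def cancelable_template(features, key, n_bits=128):
    """Key-seeded random projection followed by sign quantization."""
    rng = random.Random(key)  # same key -> same projection (repeatable)
    bits = []
    for _ in range(n_bits):
        direction = [rng.gauss(0.0, 1.0) for _ in features]
        dot = sum(d * f for d, f in zip(direction, features))
        bits.append(1 if dot >= 0 else 0)  # only the sign is kept
    return bits

def hamming_fraction(a, b):
    """Fraction of differing bits; matching is done on transformed data."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def constructed_features(seed, dim=256):
    """Constructed stand-in for a real biometric feature vector."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(dim)]

def noisy(features, seed, sigma=0.1):
    """Constructed second capture of the same trait (acquisition noise)."""
    rng = random.Random(seed)
    return [f + rng.gauss(0.0, sigma) for f in features]

def demo():
    alice = constructed_features("alice")
    alice_again = noisy(alice, "capture-2")
    mallory = constructed_features("mallory")
    enrolled = cancelable_template(alice, "db-A-key")
    return {
        # Same user, same key, fresh capture: should stay close to 0.
        "genuine": hamming_fraction(
            enrolled, cancelable_template(alice_again, "db-A-key")),
        # Different user, same key: should sit near 0.5.
        "impostor": hamming_fraction(
            enrolled, cancelable_template(mallory, "db-A-key")),
        # Same user enrolled in another database under another key.
        "cross_db": hamming_fraction(
            enrolled, cancelable_template(alice, "db-B-key")),
        # A different input (scaled vector) maps to the same template.
        "many_to_one": enrolled == cancelable_template(
            [2.0 * f for f in alice], "db-A-key"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The genuine comparison stays close to 0, while the impostor and cross-database comparisons sit near 0.5, so templates issued under different keys do not line up for cross-matching.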