Despite what every spy movie up to now 30 years would have you’re thinking that, fingerprint and face scanners used to unlock your smartphone or other devices aren’t nearly as secure as they’re made out to be.

While it’s not great in case your password is made public in an information breach, at the very least you may easily change it. If the scan of your fingerprint or face – often known as “biometric template data” – is revealed in the identical way, you possibly can be in real trouble. After all, you may’t get a brand new fingerprint or face.

Your biometric template data are permanently and uniquely linked to you. The exposure of that data to hackers could seriously compromise user privacy and the safety of a biometric system.

Current techniques provide effective security from breaches, but advances in artificial intelligence (AI) are rendering these protections obsolete.

How biometric data may very well be breached

If a hacker desired to access a system that was protected by a fingerprint or face scanner, there are quite a few ways they might do it:

  1. your fingerprint or face scan (template data) stored within the database may very well be replaced by a hacker to realize unauthorised access to a system

  2. a physical copy or spoof of your fingerprint or face may very well be created from the stored template data (with play doh, for instance) to realize unauthorised access to a system

  3. stolen template data may very well be reused to realize unauthorised access to a system

  4. stolen template data may very well be utilized by a hacker to unlawfully track a person from one system to a different.

Biometric data need urgent protection

Nowadays, biometric systems are increasingly utilized in our civil, business and national defence applications.

Consumer devices equipped with biometric systems are present in on a regular basis electronic devices like smartphones. MasterCard and Visa each offer bank cards with embedded fingerprint scanners. And wearable fitness devices are increasingly using biometrics to unlock smart cars and smart homes.

So how can we protect raw template data? A spread of encryption techniques have been proposed. These fall into two categories: cancellable biometrics and biometric cryptosystems.

In cancellable biometrics, complex mathematical functions are used to remodel the unique template data when your fingerprint or face is being scanned. This transformation is non-reversible, meaning there’s no risk of the transformed template data being turned back into your original fingerprint or face scan.

In a case where the database holding the transformed template data is breached, the stored records could be deleted. Additionally, once you scan your fingerprint or face again, the scan will end in a brand new unique template even in case you use the identical finger or face.

In biometric cryptosystems, the unique template data are combined with a cryptographic key to generate a “black box”. The cryptographic key’s the “secret” and query data are the “key” to unlock the “black box” in order that the key could be retrieved. The cryptographic key’s released upon successful authentication.

AI is making security harder

In recent years, latest biometric systems that incorporate AI have really come to the forefront of consumer electronics. Think: smart cameras with built-in AI capability to recognise and track specific faces.

But AI is a double-edged sword. While latest developments, similar to deep artificial neural networks, have enhanced the performance of biometric systems, potential threats could arise from the mixing of AI.

For example, researchers at New York University created a tool called DeepMasterPrints. It uses deep learning techniques to generate fake fingerprints that may unlock a lot of mobile devices. It’s just like the best way that a master key can unlock every door.

Researchers have also demonstrated how deep artificial neural networks could be trained in order that the unique biometric inputs (similar to the image of an individual’s face) could be obtained from the stored template data.

New data protection techniques are needed

Thwarting a majority of these threats is probably the most pressing issues facing designers of secure AI-based biometric recognition systems.

Existing encryption techniques designed for non AI-based biometric systems are incompatible with AI-based biometric systems. So latest protection techniques are needed.

Academic researchers and biometric scanner manufacturers should work together to secure users’ sensitive biometric template data, thus minimising the chance to users’ privacy and identity.

In academic research, special focus ought to be placed on two most significant points: recognition accuracy and security. As this research falls inside Australia’s science and research priority of cybersecurity, each government and personal sectors should provide more resources to the event of this emerging technology.

This article was originally published at