Update Biometrics.md #67
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I would like to clarify something. There is quite a bit of confusion regarding stolen biometric information. I agree that It is quite worrisome that hackers may have access to an individual’s biometric data and, like other private data that is stolen, the uses of this data can be quite damaging to an individual. However, the misconception is that a stolen biometric data is the equivalent of a stolen password. The difference relates to the input mechanism. A password can be inputted quite simply by entering the characters through any keyboard. A biometric in concept needs to be entered through a biometric capture device or by passing the capture mechanism. First, the stolen images would need to be converted into a spoof artifact that can be used in order to measurable by the data capture sub-system. This requires an effort by the attacker and the knowledge. Then if the system has a liveness measure this attack most probably will not be successful at least on the large scale. Second, Outside of presentation attacks, the stolen biometric data can only be used directly bypassing the biometric data capture device and inserting it prior to the feature extraction software. For this attack to be successful, the security of the connection would need to be broken.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I would like to clarify something. There is quite a bit of confusion regarding stolen biometric information.
I agree that It is quite worrisome that hackers may have access to an individual’s biometric data and, like other private data that is stolen, the uses of this data can be quite damaging to an individual.
However, the misconception is that a stolen biometric data is the equivalent of a stolen password.
The difference relates to the input mechanism. A password can be inputted quite simply by entering the characters through any keyboard. A biometric in concept needs to be entered through a biometric capture device or by passing the capture mechanism.
First, the stolen images would need to be converted into a spoof artifact that can be used in order to measurable by the data capture sub-system. This requires an effort by the attacker and the knowledge. Then if the system has a liveness measure this attack most probably will not be successful at least on the large scale.
Second, Outside of presentation attacks, the stolen biometric data can only be used directly bypassing the biometric data capture device and inserting it prior to the feature extraction software. For this attack
to be successful, the security of the connection would need to be broken.