From 7ae34e221a68f15fe869d3027b583d5c2faf4da0 Mon Sep 17 00:00:00 2001 From: Asem Othman Date: Thu, 22 Mar 2018 15:41:22 -0400 Subject: [PATCH] Update Biometrics.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I would like to clarify something. There is quite a bit of confusion regarding stolen biometric information. I agree that It is quite worrisome that hackers may have access to an individual’s biometric data and, like other private data that is stolen, the uses of this data can be quite damaging to an individual. However, the misconception is that a stolen biometric data is the equivalent of a stolen password. The difference relates to the input mechanism. A password can be inputted quite simply by entering the characters through any keyboard. A biometric in concept needs to be entered through a biometric capture device or by passing the capture mechanism. First, the stolen images would need to be converted into a spoof artifact that can be used in order to measurable by the data capture sub-system. This requires an effort by the attacker and the knowledge. Then if the system has a liveness measure this attack most probably will not be successful at least on the large scale. Second, Outside of presentation attacks, the stolen biometric data can only be used directly bypassing the biometric data capture device and inserting it prior to the feature extraction software. For this attack to be successful, the security of the connection would need to be broken. --- draft-documents/Biometrics.md | 1 + 1 file changed, 1 insertion(+) diff --git a/draft-documents/Biometrics.md b/draft-documents/Biometrics.md index 814c557..67a630c 100644 --- a/draft-documents/Biometrics.md +++ b/draft-documents/Biometrics.md @@ -46,6 +46,7 @@ so there’s a value fear is that if the data is put online, it will inevitably be stolen and abused. There is the potential for disaster. +[//]: # (AO: This is a quite worrisome but not a disaster in large-scale applications.) Despite this fear, biometric data already exists, and it’s already being recorded digitally and includes embedded devices [^16]. We need