An Argument for a Biometric Distributed Data ModelVeridium Author | April 26, 2018
With the release of a new study performed by Vanson Bourne, Veridium confirmed that passwords are on their way out. Surveying 200 IT senior professionals in the US, researchers found that only 34 percent were confident that passwords alone protect data efficiently. These IT decision makers look to biometrics as a more secure method of authentication. Safeguarding the authentication process, however, is only part of securing the company’s privacy.
Collecting biometric data is always coupled with storing it in a secure infrastructure. Instead of attacking the authentication process, cyber threats could target the biometric data itself. Like all physical storage spaces, biometric databases can be infiltrated through underhanded methods. Because of biometrics’ immutable characteristics, having a secure database is not only necessary for the company’s sake, but for the individual’s as well.
Of the 200 IT professionals surveyed, 43 percent believe storing the biometric data on the server is the safest option. While this method does provide encryption and some security, there’s a better option. Companies should consider a distributed model, storing data on the server and another device to safeguard this immutable data as cyber threats evolve and become deadlier.
Two Lines of Defense: Visual Cryptography & A Distributed Data Model
The VeridiumID platform distributes a user’s biometric data as an encrypted template, broken up and stored in different locations. Each part is encrypted, with one stored on the mobile device used for enrollment, and the other on a server. For authentication to occur, both pieces are then recombined for comparing against a newly captured biometric vector. Having encrypted data live in separate locations makes it much harder for an intruder to gain access to both locations. Not only does the hacker have to access the backend server of the company but also the physical device of the user they’re attacking. Mass hacking is difficult with this model because of the distribution of data.
Through this method, true ownership still lies with the user. This accessibility might grant a user the piece of mind that a breach of the company’s server won’t immediately mean a breach of their biometric data.
Biometric Database Breaches
News of biometric database breaches is already making headlines. Aadhaar is India’s largest biometric database set to overtake physical identification models all around the country. As India continues to grow Aadhaar, many are voicing concerns about unauthorized authentication processes conducted through the Aadhaar’s biometric database. Faulty security and loopholes have increased the likelihood of data leakages, but as India sprints toward new phases of Aadhaar some wonder whether the convenience brought by the system wins over the loss of biometric data.
Luckily for enterprises, VeridiumID is flexible and configurable to company needs. With our system, IT personnel can optimize security with the convenience of biometrics without sacrificing end-user privacy in the process.