Biometric Boom: How the Private Sector Commodifies Human Characteristics

Biometric technology has become an increasingly common part of daily life. Although biometrics have been used for decades, recent ad- vances and new uses have made the technology more prevalent, particu- larly in the private sector. This Note examines how widespread use of biometrics by the private sector is commodifying human characteristics. As the use of biometrics has become more extensive, it exacerbates and exposes individuals and industry to a number of risks and problems asso- ciated with biometrics. Despite public belief, biometric systems may be bypassed, hacked, or even fail. The more a characteristic is utilized, the less value it will hold for security purposes. Once compromised, a biome- tric cannot be replaced as would a password or other security device. This Note argues that there are strong justifications for a legal struc- ture that builds hurdles to slow the adoption of biometrics in the private sector. By examining the law and economics and personality theories of commodification, this Note identifies market failure and potential harm to personhood due to biometrics. The competing theories justify a reform to protect human characteristics from commodification. This Note presents a set of principles and tools based on defaults, disclosures, incen- tives, and taxation to discourage use of biometrics, buying time to streng- then the technology, educate the public, and establish legal safeguards for when the technology is compromised or fails

Biometric presentation attack detection: beyond the visible spectrum

The increased need for unattended authentication in multiple scenarios has motivated a wide deployment of biometric systems in the last few years. This has in turn led to the disclosure of security concerns specifically related to biometric systems. Among them, presentation attacks (PAs, i.e., attempts to log into the system with a fake biometric characteristic or presentation attack instrument) pose a severe threat to the security of the system: any person could eventually fabricate or order a gummy finger or face mask to impersonate someone else. In this context, we present a novel fingerprint presentation attack detection (PAD) scheme based on i) a new capture device able to acquire images within the short wave infrared (SWIR) spectrum, and i i) an in-depth analysis of several state-of-theart techniques based on both handcrafted and deep learning features. The approach is evaluated on a database comprising over 4700 samples, stemming from 562 different subjects and 35 different presentation attack instrument (PAI) species. The results show the soundness of the proposed approach with a detection equal error rate (D-EER) as low as 1.35% even in a realistic scenario where five different PAI species are considered only for testing purposes (i.e., unknown attacks

Body language, security and e-commerce

Security is becoming an increasingly more important concern both at the desktop level and at the network level. This article discusses several approaches to authenticating individuals through the use of biometric devices. While libraries might not implement such devices, they may appear in the near future of desktop computing, particularly for access to institutional computers or for access to sensitive information. Other approaches to computer security focus on protecting the contents of electronic transmissions and verification of individual users. After a brief overview of encryption technologies, the article examines public-key cryptography which is getting a lot of attention in the business world in what is called public key infrastructure. It also examines other efforts, such as IBM’s Cryptolope, the Secure Sockets Layer of Web browsers, and Digital Certificates and Signatures. Secure electronic transmissions are an important condition for conducting business on the Net. These business transactions are not limited to purchase orders, invoices, and contracts. This could become an important tool for information vendors and publishers to control access to the electronic resources they license. As license negotiators and contract administrators, librarians need to be aware of what is happening in these new technologies and the impact that will have on their operations

Biometrics and Network Security

This paper examines the techniques used in the two categories of biometric techniques (physiological and behavioral) and considers some of the applications for biometric technologies. Common physiological biometrics include finger characteristics (fingertip [fingerprint], thumb, finger length or pattern), palm (print or topography), hand geometry, wrist vein, face, and eye (retina or iris). Behavioral biometrics include voiceprints, keystroke dynamics, and handwritten signatures

Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

EHRs at King Fahad Specialist Hospital : an overview of professionals' perspectives on the use of biometric patient identification for privacy and confidentiality, taking into consideration culture and religion : a thesis presented in partial fulfilment of the requirements of the degree of Master in Information Science, Massey University, Albany, Auckland, New Zealand

The Kingdom of Saudi Arabia is focused on expanding use of biometric technologies and it is a matter of time before this expansion includes medical institutions. However there is a lack of research on Electronic Health Records (EHRs) in Saudi Arabian hospitals, especially on the staff views and attitudes in relation to confidentiality, privacy, and security policies in the context of Saudi society, which is governed largely by culture and Islam. This research utilised an online survey tool to ask doctors, managers, and IT professionals, at the King Fahad Specialist Hospital (KFSH) about these aspects and explored if they recommend the classic non-biometric access method over the rather intrusive, yet more advanced, biometric patient identification (BPI) technology. Encouragingly, all the participants recommended BPI methods with the least favoured method being the facial recognition method for Saudi female patients. This study also focused on whether staff believed that religious and cultural issues influence EHR privacy and confidentiality, as the literature showed that in certain cases unauthorised revelation of an EHR could lead to honorary killing of the patient. Implications of this research include the need for comprehensive staff training on being culturally aware, as well as training on EHR security policy, privacy, and confidentiality

A PUF-and biometric-based lightweight hardware solution to increase security at sensor nodes

Security is essential in sensor nodes which acquire and transmit sensitive data. However, the constraints of processing, memory and power consumption are very high in these nodes. Cryptographic algorithms based on symmetric key are very suitable for them. The drawback is that secure storage of secret keys is required. In this work, a low-cost solution is presented to obfuscate secret keys with Physically Unclonable Functions (PUFs), which exploit the hardware identity of the node. In addition, a lightweight fingerprint recognition solution is proposed, which can be implemented in low-cost sensor nodes. Since biometric data of individuals are sensitive, they are also obfuscated with PUFs. Both solutions allow authenticating the origin of the sensed data with a proposed dual-factor authentication protocol. One factor is the unique physical identity of the trusted sensor node that measures them. The other factor is the physical presence of the legitimate individual in charge of authorizing their transmission. Experimental results are included to prove how the proposed PUF-based solution can be implemented with the SRAMs of commercial Bluetooth Low Energy (BLE) chips which belong to the communication module of the sensor node. Implementation results show how the proposed fingerprint recognition based on the novel texture-based feature named QFingerMap16 (QFM) can be implemented fully inside a low-cost sensor node. Robustness, security and privacy issues at the proposed sensor nodes are discussed and analyzed with experimental results from PUFs and fingerprints taken from public and standard databases.Ministerio de Economía, Industria y Competitividad TEC2014-57971-R, TEC2017-83557-