As part of my job, I coordinate technical specifications for mobile application development with customers. One question comes up often: can we log in to the application using biometrics, such as a face or a fingerprint? There are several different arguments, but they are all disappointing. In this article I want to explain in full why biometric characteristics do not work for authorization in information systems, and why they do work on personal devices.
Data volume
Even though we live in the age of Big Data, today we cannot provide biometric authorization through a backend service. The first reason is simple: the amount of data. A standard login/password pair takes about 30-60 characters, which is an insignificant amount to transmit over the network. To transfer a high-quality scan of a finger, however, we have to send an actual image of considerable size. If we draw an analogy with black-and-white pictures, an image of 1024 * 1024 pixels with a depth of, say, 8 bits will take up orders of magnitude more space than a standard login/password combination. With a face scan, the volume grows by another order of magnitude.
But transferring this much information is not even the key problem here. For authorization we need to load all the prints of all users into backend memory, which is theoretically still possible with, say, 1000 users, but with a million users it is far from a trivial task even for an experienced backend developer.
The usual counter-argument is data hashing, in which any piece of data can be described by a fixed-length string. Here we run into the next problem, which will finish off even the most powerful system.
Fuzzy comparison
When logging in with a password, we must reproduce that password exactly. The data is transmitted and stored as a hash of the password (a hash is a string that can be derived from the password, while going in the opposite direction is technically very difficult; this protects confidential data). Because one of the key properties of a hash is that it is hard to reverse, even very similar passwords produce completely different hashes. For example, here are a few hashes for very similar character combinations (SHA512 algorithm):
password - b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86
passwor - cc28edf8bd1e768a03fd79cb48230dd13e082da4ff260526ad7a00b28f5f82a8624a05997040bb6ae501cbfeb7e089778de36f1fd4e56efb9356b02b675a9db8
Password - e6c83b282aeb2e022844595721cc00bbda47cb24537c1779f9bb84f04039e1676e6ba8573e588da1052510e3aa0a32a9e55879ae22b0c2d62136fcaa3e85f8bb
Password - 4846ee019bb2f83122c6aeaf92e61e9b5dcab8f4be0ffcaaa024cc1f992b7543b0dc1cc32bb68d29fca86753667b3a0cf7c712255907b1b8aeba2085dca74d6b
In the last two pairs in the word Password, the Latin letter P is replaced by the Russian P. As we see, the strings turn out to be completely different, and when you enter the password, we can’t compare even the almost identical character combinations.
Biometric scanners cannot read data with 100% accuracy. When a finger is applied, a shift of a fraction of a millimeter, a change in pressure, injuries and other side effects will always slightly change the resulting pattern, so scans of the same finger or face will always differ slightly (or significantly).
We have learned to recognize key elements and to compare scans by the presence and placement of these elements. Apple promises to recognize up to 30,000 key points with its Face ID technology. However, this does not mean that all of these points must match exactly.
How does biometric authorization work?
Fingerprint or face authorization relies on fuzzy search.
This is a search in which we are not looking for exactly matching elements (as is possible with password hashing), but for the entities that are most similar to each other. For example, for fingerprint authorization, reproducing the pattern with 90 percent accuracy is a very good result, and in practice it means that we are the real owner of the print. However, the remaining 10 percent of the print consists of completely different data, so we get a completely different hash and lose the ability to store the data safely. Moreover, the data would have to be stored in full: a hash function that produces similar values for similar inputs does not meet security requirements and cannot be considered a good hash function.
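The difference between the two checks, as an added example that is not part of the original article. The 256-bit template, the 5 percent sensor noise and all function names are constructed for illustration; only the 90 percent threshold comes from the text.

```python
import hashlib
import random

TEMPLATE_BITS = 256      # constructed template size (assumption)
MATCH_THRESHOLD = 0.90   # the 90 percent similarity figure from the text


def random_template(rng):
    """Constructed stand-in for extracted biometric features: one bit per feature."""
    return [rng.randint(0, 1) for _ in range(TEMPLATE_BITS)]


def rescan(template, noise, rng):
    """A later scan of the same finger: the same template with a fraction of bits flipped."""
    scan = list(template)
    for i in rng.sample(range(len(scan)), int(len(scan) * noise)):
        scan[i] ^= 1
    return scan


def similarity(a, b):
    """Share of positions where two templates agree."""
    return sum(x == y for x, y in zip(a, b)) / len(a)


def hash_match(enrolled, scan):
    """Password-style check: compare SHA-512 digests, so only an exact repeat passes."""
    return hashlib.sha512(bytes(enrolled)).digest() == hashlib.sha512(bytes(scan)).digest()


def fuzzy_match(enrolled, scan):
    """Biometric-style check: needs the enrolled template itself, not a digest of it."""
    return similarity(enrolled, scan) >= MATCH_THRESHOLD


def demo(seed=1):
    rng = random.Random(seed)
    enrolled = random_template(rng)
    same_finger = rescan(enrolled, 0.05, rng)   # 5% sensor noise (constructed)
    stranger = random_template(rng)
    return {
        "same_similarity": similarity(enrolled, same_finger),
        "same_hash": hash_match(enrolled, same_finger),
        "same_fuzzy": fuzzy_match(enrolled, same_finger),
        "stranger_fuzzy": fuzzy_match(enrolled, stranger),
    }


if __name__ == "__main__":
    print(demo())
```

The rescan of the same finger fails the digest comparison and passes the threshold comparison, which is why the server has to keep the template itself rather than a one-way hash of it.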
But even if we can somehow describe the data using a “fuzzy” hash, we have another, even more non-trivial problem.
The similarity of biometric indicators

Everyone meets people in life who look strikingly similar to their friends. There are ethnic groups with very few distinct types, where the probability of a coincidence is even higher. For fingerprints, the probability of a 100% match is 1 in 64,000,000,000 (the figure may not be accurate, but the probability is really extremely small). With a fuzzy search, however, the situation looks quite different.
Imagine the situation: you have been stung by bees! It is quite certain that your swollen face will resemble someone else more than it resembles you.

If we consider authorization among hundreds of millions of users, a fuzzy search system can easily pick up a person who looks more like you in a photo than you do.
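How the chance of a false match grows with the number of enrolled users, as an added example that is not part of the original article. It assumes a constructed model in which a template is 64 independent, uniformly random bits; the 75 percent threshold is a hypothetical "tolerant" setting, and real biometric features are correlated, which this model ignores.

```python
from fractions import Fraction
from math import comb, expm1, log1p


def false_match_rate(n_bits, threshold_percent):
    """Exact chance that one unrelated random template agrees with yours
    in at least threshold_percent of its bits (binomial tail, p = 1/2)."""
    need = -(-n_bits * threshold_percent // 100)   # integer ceiling
    hits = sum(comb(n_bits, k) for k in range(need, n_bits + 1))
    return Fraction(hits, 2 ** n_bits)


def prob_any_false_match(fmr, population):
    """1:N search: chance that at least one of `population` other users
    passes the threshold, computed as 1 - (1 - fmr)^population."""
    return -expm1(population * log1p(-float(fmr)))


def table(n_bits=64, thresholds=(90, 75), populations=(1, 10**3, 10**6, 10**8)):
    """Rows of (threshold, population, probability of a false match)."""
    rows = []
    for t in thresholds:
        fmr = false_match_rate(n_bits, t)
        for n in populations:
            rows.append((t, n, prob_any_false_match(fmr, n)))
    return rows


if __name__ == "__main__":
    for t, n, p in table():
        print(f"threshold {t}%  users {n:>11,}  P(false match) = {p:.3e}")
```

A threshold that is harmless when one scan is compared with one enrolled owner becomes unusable when the same scan is searched against millions of templates.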
But even if we are able to recognize the face with absolute precision, even if we can compare fingerprints with 100% coincidence, there is one more, most significant problem that we absolutely cannot solve.
Data compromise
Having unique biometric characteristics that allow 100% user identification is both a big plus and a major disadvantage. It means that you cannot change biometric characteristics the way you change a password: they are built into you from birth. There are various medical procedures that change these characteristics, but we are definitely not going to experiment with our health after each data leak.
Moreover, our biometric data is always available to an outside observer - we constantly leave fingerprints, face photos, parts of our DNA in hair and nails. We do this every minute, without even thinking about it.
Imagine face recognition on a mobile device 15 years ago. In the era of the 0.3 megapixel camera, getting a high-quality photograph of a face was very problematic for mobile devices. Today, any cheap smartphone has improved the quality of photography hundreds of times. This means that forging an image of a person with modern technology is much easier than it was a few years ago. The endless race to improve external scanners only exacerbates the problem, and we will have to update authorization data each time new methods of falsification appear.
If your data "leaks" into the hands of intruders, you cannot instantly replace it, and even if you could, it would be very difficult to notify every system about the compromise. It is much easier to use different passwords for authorization in different systems, isn't it?
To summarize, here are a few key difficulties in biometric authorization.
- large amount of data
- fuzzy comparison
- similar indicators for different people
- high probability of compromise
However, the use of biometric data on personal devices is justified. None of the above problems manifest themselves in small samples of participants, so you can be relatively calm about safety. Moreover, the major players use an additional safety net in the form of a password. Huawei, when biometric unlocking is used, asks for the password every three days. Banking applications use biometric authentication only when the user is already logged in to the Internet bank, so it merely adds extra protection to the use of the application. Biometric authorization is not used for performing financial transactions (if you know otherwise, let me know; it would be extremely interesting to learn the position of a company that has adopted this practice).