Biometric data security: storing biometric data

Data security is a critical element for organizations across all industries, government entities and individuals. This is because data breaches are more common now than ever before. Additionally, there are varying agendas for hackers; some simply want to steal information and sell it, while others may encrypt it, lock it and only release it to the rightful owner once a ransom has been paid. Regardless of the agenda, data breaches can cause irreparable damage to an organization. This is not only the case with documents; there is a great need for biometric data security.

Biometric data is computer data that is developed during a biometric process, such as all verification and identification data. This may include fingerprints, eye scans, models, samples and similarity scores. Biometric identifiers of an individual eventually become a biometric template as they are sent through a recognition system. They are then processed by specific algorithms. Biometric templates are unreadable binary files and encompass unique traits of an individual's biometric data.

Biometric features are now captured and stored electronically on information management systems. Therefore, this data must be highly protected, just like electronic documents and records.

Today, many organizations are using biometrics, as opposed to traditional passwords and usernames for user authentication. This is because there are some inadequacies in username and password-based identification systems. However, there is also a pitfall to biometric security: One could change a password or username if compromised; biometric features and identifiers cannot be changed because these are identifiers of an actual human being. This can complicate the security of the data.

This is why biometric data security is considered a higher priority than traditional electronic records. Organizations must implement storage–based strategies in order to protect this particular group of data.

There are several storage-based strategies for biometric data that organizations can employ.

Data can be stored on a portable device such as a smart card. This is not a centralized storing method where it is vulnerable to network-related issues. On a smart card, users have a certain amount of control of their biometric data. However, this storage can be costly and the user will have to present the biometric smart card to biometric readers to get their identity verified.

A centralized biometric database is less costly than the portable-token approach. It is also beneficial for organizations that prefer the data to be accessible and authenticated from multiple locations. As mentioned before, however, this can make the biometric data more vulnerable to unauthorized individuals or entities. An encryption code can reduce the vulnerability, but the storing of encryption key codes and deciding who has access can pose other issues.

Storing biometric data on recognition systems allows for a quick response during the user identification process. This is because the reference template is stored locally, which means that it can be quickly retrieved.

There are two categories for protecting biometric data templates: feature transformation and biometric cryptosystem.

As noted by MathWorks, feature transformation is a group of methods that develop new features. This is ideal for dimension reduction when the transformed features have a higher descriptive power. This weeds out less descriptive features from consideration.

Biometric cryptosystems protect biometric data by leveraging helper data. However, important information is not disclosed by the helper data regarding the original biometric template. This method also employs the key-binding and generating approach.