How can people continue to use biometric based authentication on their favourite devices without worrying about their unique data being stolen and misused?
To answer this question, Kaspersky has teamed up with a 3D accessory designer from Stockholm and together they have created a showstopping piece of jewellery at the intersection of technology and art – a unique ring that serves as an extension of a person’s digital identity, designed to keep users’ biometric data safe.
Today, our bodies are becoming the key to digital authentication, replacing pins and passwords. With many services becoming digital and automated, our unique biometric data is becoming a vital element in unlocking these services – you already use your fingerprint or your face to unlock your phone, to make payments or to even access your home or office.
But our biometric data is unique – there is only one person in the world with specific fingerprints, facial traits or irises, and such a widespread use of biometric data means it is stored in numerous places under different conditions.
If biometric data is compromised, be it a fingerprint, face or iris – once lost they are lost forever and cannot be reset, unlike compromised passwords which can be.
Unfortunately, this is not a theoretical problem. In 2015 the Office of Personnel Management (OPM) hack in the US caused 5,6-million fingerprints to be leaked.
More recently, the fingerprints of over 1-million people were discovered on a publicly accessible database used by the UK Metropolitan police, defense contractors and banks.
That is in addition to multiple examples where researchers have demonstrated proof of concept schemes which allows human fingerprints to be stolen with the help of digital cameras and other widely available tools.
Kaspersky’s own research highlights that biometric data is at risk of being compromised. A recently conducted overview of cyberthreats to systems used to process and store biometric data, showed that various malicious threats (including remote access Trojans, ransomware, banking Trojans etc) are often found trying to infect IT systems. In Q3 2019 alone, around 37% of such computers encountered one of those threats at least once.
Does that mean that people should stop using these technologies in order to protect their unique biometric data from being abused by others? Not in the slightest.
Kaspersky has partnered with the 3D accessory designer, Benjamin Waye and creative agency Archetype to create a unique jewellery piece – a special ring that has a printed artificial fingerprint pattern that can be used for authentication.
The ring is just one of the possible solutions for protecting peoples’ biometric data in an environment where there isn’t a 100% guarantee that real biometric data will be stored by third parties responsibly.
With this kind of accessory, people can unlock their phone and use other systems that require authentication via a fingerprint without the worry that their biometric data will be stolen.
Unlike a real fingerprint, the artificial fingerprint can be changed and reset. In the event your biometric data is leaked due to an attack, the ring can be replaced with a new artificial pattern – and your unique personal data will be secure.
“By combining the elements of art and technology, the ring makes the person wearing it stand out from the crowd as a visionary,” says Benjamin Waye, the 3D accessory designer who created the design of the ring.
“It is a different approach to how we wear jewellery. Usually, it is much more practical. Not only is it considered beautiful, but it has been designed with the aim of helping to solve quite a serious problem in today’s modern life. It helps preserve our uniqueness in a world where everything could otherwise be copied,” he adds.
“While the ring is just one of the possible ways to tackle the current cybersecurity problems related to biometrics, this is certainly not a silver bullet,” comments Marco Preuss, director fo Kaspersky’s Global Research & Analysis Team in Europe/ “A real solution will involve creating measures and technologies that would guarantee the protection of people’s unique identities.
“Such a solution is yet to be developed and to be honest, the current situation surrounding the safety of biometrics is not where it needs to be.
“Nevertheless, with the increasing adoption of these technologies, it is extremely important that we start the conversation within the relevant industries to develop a collaborative approach to ensure this data is protected.”
Kaspersky believes that the current cybersecurity landscape requires a drastically different approach – a transition from ‘cybersecurity’ to ‘cyber-immunity’ where systems are designed and built to be secure and should not require security solutions to be included as add-ons.