Fingerprints lifted from glass and other tricks of the hacker trade have long put a question mark over biometric security systems using only fingerprint recognition. Now researchers at the University of Johannesburg (UJ) have developed a system that gets around the problem. It allows biometric data like fingerprints and iris patterns to be used to access computer systems securely, encrypt and decrypt data, and to sign documents digitally, but without some of the security holes in many similar systems.
In a landmark scientific development, two researchers at the University of Johannesburg (UJ) have developed a system that allows biometric data to be used to access computer systems securely, encrypt and decrypt data, and to digitally sign documents.
Professor Basie von Solms, a Research Professor in the Academy for Information Technology at UJ and President of the International Federation for Information Processing (IFIP), and fellow researcher and colleague Dr Bobby Tait, a lecturer in UJ’s Academy for Information Technology, have shed some light on how biometric fingerprints, iris patterns and the like can be used to create a secret key for data encryption without remembering different passwords.
According to Prof von Solms and Dr Tait, they have used the BioVault infrastructure, developed at UJ over the last four years, to provide a safe and secure way to use biometric tokens to access computer systems over the Internet without the risk of the biometric token being intercepted and reused. BioVault also prevents biometric tokens acquired in an unauthorized way, for example a fingerprint lifted from a glass, from being used by an unauthorized person to masquerade as the real user.
Further uses of BioVault include using a biometric token as an encryption and decryption key for securing data during transit over the Internet, and also for digitally signing an electronic document.
It is generally accepted that the use of passwords for access purposes is not very secure, as the computer system can only verify that the password is correct, but not that the password is offered by the authorized owner: there is no link between the password and the owner, and the owner is therefore identified and authenticated (verified) indirectly.
This makes it easier for an unauthorized person to use a stolen password to get unauthorized access to the real owner’s information. A significant percentage of cyber crime is based on this fact. Using biometric tokens can eliminate this problem, because such an approach verifies the owner directly, and not indirectly.
With biometric tokens, the real owner is authenticated and verified, which makes the whole process much more secure. However, problems with the wider use of biometrics over networks were related to the fact that a biometric token can be intercepted, and re-used (replayed), or that a biometric can be acquired from the user’s contact with the environment, and then be used in an unauthorized way.
These problems inhibited the wider use of biometric tokens over insecure networks, and prevented the real power of biometrics from being leveraged.
‘BioVault addresses these problems and it is now possible to use biometrics more securely,’ says Von Solms.
The research on BioVault has been presented at several international conferences, and Dr Tait will present two further reports on the research in London and Paris in September.
Von Solms has been active in the area of Information Security, locally and internationally, for the last 20 years.