Thank you. And thank you for having me.
Hi, my name is Paolo Gasti. I'm an associate professor at the New York Institute of Technology. I'm also the CTO of Keyless. And today I'd like to go over cloud biometrics and their security aspects, their risks and challenges, and how these can be mitigated. So let's get started. The first thing that I would like to go over is biometric authentication, just to set the stage and to have familiarity with some of the common terminology. So what is biometric authentication, right? It is the idea of using some human traits. You can think of your face, your fingerprint, your iris.
These are traits that we're familiar with, or traits that maybe we are more or less familiar with, such as freedoms. So how users type, hand movement, how users hold their smartphone and how they interact with it as they're using it.
And to use these traits to distinguish between a genuine user, so a user that owns a computer or smartphone and is supposed to use it, from everybody else, someone that might have had access to this device.
The main characteristic, one of the most important characteristics we're looking for when we're talking about biometrics, is distinctiveness, which means that two individuals will be different with respect to this particular trait. Two people have different faces, different fingerprints, but they will also be different, for instance, in how they type on a keyboard or on an on-screen phone keyboard, or in how they use their phone.
And this is important, of course, because the more distinctive a biometric is, typically the more secure it is. But it's also a risk, because the more distinctive a biometric is, the more privacy-relevant information is automatically associated with that biometric.
And how does a biometric system work, right? So we typically have two phases. One is the enrollment phase, where the system gets to know what a person looks like with respect to one of these traits. So the user will provide a biometric sample, and we'll extract some features.
We'll process this data, we'll make sure that we're looking at the real user, and after this process we come up with what is called a biometric template: a representation of the user with respect to that particular trait, face, fingerprint, typing patterns and so forth. Once this is done, the maybe more interesting part here is the authentication per se, right? We will take another fresh sample of the user, we'll sample the face, we'll extract the same features that we extracted during enrollment.
We'll reload the template from somewhere, and we will match this template with the biometric features that we just collected and extracted.
If the two match, the user is in, right? We unlock the phone, their bank account. But if the two do not match, we assume that we're dealing with an impostor. We don't give the user access to whatever resources they're trying to access.
Now, as I said, the biometric will be stored somewhere, and where it's stored is important, right? It's very important for privacy and security purposes. But before we get there, why do we want to use biometrics in the first place? Right? There are many important aspects of biometrics. One is that they are hard to phish, and they are very, very easy to use compared with passwords, right? A password can be communicated over the phone, over an email, it can be entered in the wrong form and therefore be communicated to an, but none of this is true with biometrics.
A properly designed biometric system is very reliable, with very low error rates, at least for face, fingerprint and other standard modalities.
They are very fast, very easy to use, and very little to no user training is required. And a very important thing about biometrics is that they're strongly tied to a particular person. A password doesn't prove that it's me, it just proves that I'm someone that knows that password, but a biometric is different.
If I can prove that this face that I have is the one that was enrolled, then it's me. It's very unlikely that it's someone else, much more unlikely than with a password. I cannot share biometrics, and if implemented properly, all these together result in lower implementation cost. And as I was saying, where the user profile, the user template that you use to do this matching, is stored identifies which type of biometrics we're talking about.
One common mode is to store this template on the device that is being authenticated.
What it means is that, for instance, I have a template I generate when I enroll with Face ID or Touch ID, for instance, and that template never leaves my device. The matching operation, the comparison between that template and a fresh biometric sample, and the storing of that template are all happening within the confines of the device. On the other hand, we could store this template somewhere else, and also do the matching somewhere else.
For instance, on the cloud. This would lead to something that is cloud-based biometrics, right? So again, the template is stored outside of the device and the matching therefore is going to be done outside of the device.
And each has pros and cons, right? If we look, for instance, at on-device biometrics, the good thing is that data never leaves the device, which is a great feature from the point of view of privacy.
Biometric data is very, and therefore never leaving the device is really a positive feature of these systems. But unfortunately that's more or less where we stop.
That's it with the positive aspects. At least, if you have multiple devices, you will have to enroll your biometrics multiple times, which takes time, not a great user experience, but also not great from a security standpoint, because this weakens the link between who you are and a particular account. If you have two phones, or a phone and a tablet, or a laptop and a tablet, and you enroll separately, there's no way to know that it's the same person enrolling on both. This is even more the case when you're using a fingerprint on one and a face on the other.
There's no way for the system to link these two pieces of information, other than knowing that there's a very weak link between the user's identity and their biometric data, so weak that if you're authenticating remotely, right, if I'm using this to authenticate a bank transfer, for instance, or to access my bank account, this effectively counts not as a biometric factor, an inherence factor, but rather as a device authentication factor. The remote party cannot tell whether an actual biometric authentication happened.
They only see the, and cannot tell which template was used to authenticate the user, right? They cannot tell if this is the user they expected, or one that happened to have biometric data stored on that device.
Compounding that, if the device is lost or stolen, so is the biometric data. So any trust that a remote party might have built over time on that particular device, on that pairing of device and biometrics, is all gone, and so recovery flows are going to be more difficult, right? The user will get a new device and can re-enroll on that device.
Those are going to be difficult because the biometric data is gone, and those flows are also going to be a great way to attack the system. Cloud-based biometrics address a lot of these issues, right? You can see here on the slide that the first thing is that if I enroll and store my template remotely, outside of the device, the template can be accessed by multiple devices. So I only need to enroll once. I don't have to re-enroll if I lose my phone or my computer.
I don't have to re-enroll if, for some reason, my phone breaks and I have to buy a new one.
And recovery is also much smoother, simply because, by getting a new device, I just have to authenticate with the template that is stored on the cloud. And finally, we have a stronger link between the user and their biometrics. Once I establish the template and the identity of this user, this information is valid throughout time. So that's the benefit.
Unfortunately, there are still some major gaps in this type of biometrics, which is what I'd like to dive into: the cloud, obviously, because it has access to the template, also has access to the user. It's less than ideal for privacy and compliance reasons. We are creating a central honeypot where everybody's data is stored, and therefore accessing and compromising it.
That has pretty important cons.
If there is some sort of compromise of that data, the consequences are quite important. And there's a high risk of data exfiltration. Just the fact that all this data is concentrated in one place makes it really hard to protect, but also makes exfiltration easier and more, right?
And to go a little bit deeper on this, if you look at this from the point of view of privacy and privacy challenges, ideally what we want with any data, but in particular with biometric data, is protection when the data is at rest, when the data is in transit, and when the data is in use. At rest, for instance, if you're dealing with cloud biometrics, you could encrypt this data, but you would have to have a way to decrypt it when you need to match it.
So at rest, maybe we can do something. But definitely in use, there's not much we can do based on traditional cloud-based biometrics.
Again, in transit is more or less a solved problem, we can use TLS or other forms of encryption, but the main open channel is data in use: cloud-based biometric systems all need to have access to the biometric data at the time of matching. And there are important privacy consequences to that. There are techniques to do data anonymization, there are techniques to tokenize biometric data and so forth, but their effectiveness is very limited.
Biometric data is the ultimate PII. There's nothing more identifying; nothing identifies the user better than their biometric data, and therefore simply anonymizing, removing information about the user, or doing certain kinds of one-way transformations doesn't really change the nature of the problem.
We're still dealing with meaningful impacts in case of data exfiltration.
So, to summarize these points, again, data exfiltration is the main challenge. Anonymization is not really something that is suitable, especially for biometrics, and all this leads to this type of security risk, but also lack of compliance. If you look at GDPR in Europe, but also PDPA and CCPA, you're starting to see that the use and the storage of biometric data is being further and further restricted, for very good reasons. And these systems, cloud-based systems as I'm describing them now, are clearly not.
It is going to be very hard to make them suitable in a market where compliance is very strict. So again, in addition to security risk, compliance is a main issue. Fortunately, there are other ways to address many of the risks and many of the challenges that I described now.
So one of them is the use of secure multi-party computation with biometric data.
In fact, the goal for this system is to address all the downsides of cloud-based biometrics while keeping all the benefits. All the benefits are there: there's no biometric data on the user's device, and therefore we can use multiple devices to authenticate, we can enroll once, we don't have to enroll multiple times. Recovery flows are straightforward. But in addition to all this, we don't want a central honeypot.
We can achieve these goals with this protocol, as we'll see in a second. There's no risk of data exfiltration because the data is simply not there. There are no compliance issues. This sounds a little too good to be true, right? All the benefits that we built with cloud-based biometrics, and at the same time none of the downsides.
And the idea here is that there is a little bit of magic coming from decades of research in the area of cryptography and secure multi-party computation, by the community and by various companies, Keyless included. The gist is that over the years, over the decades, people have learned, we have learned, how to run computation on encrypted data without the necessity to decrypt it. And this is playing a pivotal role in many areas, including biometrics. Specifically for biometrics, at a high level,
what this looks like is that we could have an encrypted template on the cloud, and this template is very different from what you would normally have for cloud-based biometrics, because the cloud will not have the ability to decrypt it. This template is encrypted with keys that the cloud doesn't have access to. And in some systems, these exist.
Okay? I'm really sorry to interrupt you, but I think it would be nice if you could wrap it up and summarize this presentation really quickly, in the interest of time. Thank you.
Absolutely. Absolutely.
Thank you for bringing that up. So again, the goal is that we can perform everything that I was discussing earlier, all the matching and all the, without decrypting any of the data. As a result of that, those risks and those regulations are at this point no longer relevant, because there's no biometric data in any of the parts of the system. So in other words, just to summarize, cloud-based biometrics are great in terms of functionality. They have big downsides in terms of privacy.
There are techniques out there, such as secure multi-party computation, that can be used to address these downsides without impacting any of the benefits. And with that, I would like to open it up to questions.
Well, first of all, thank you very much, Paolo. That was indeed really interesting and promising. Please, let's have a round of applause for Paolo.