April 30, 2021
By Pavel Jirik in Blog
Methods of authentication using people’s physical characteristics (whether by fingerprint, iris, facial, or voice recognition) have given rise to the rapidly expanding business sector of biometrics.
For example, the facial recognition market has a compound annual growth rate (CAGR) of 17.2% and was expected to generate revenues of $3.8 billion in 2020 and $8.5 billion in 2021, according to the Facial Recognition Market by Component, Application, Vertical And Region - Global Forecast to 2025 report on ReportLinker’s website.
These numbers are somewhat similar to the results of a study by Marqual IT Solutions, which estimates that the revenue generated by the contactless biometrics market will reach $18.6 billion by 2026. This equates to a CAGR of 19.1% during the forecast period of 2020 to 2026.
Among biometric authentication methods, fingerprint access is the most widely used. It is an inexpensive, easy to use, and relatively reliable method, although it is not 100% secure (just like any other method). A few factors cause its vulnerabilities, but the growing popularity of using fingerprints as an identification method is one of the leading causes for that. Why? The more widespread a method, the more fraudsters try to adapt it in order to profit from illegal activities.
However, fingerprints are just one way of authenticating identity. Retinas, irises, facial patterns, hand vein patterns, and palm geometry are some other examples of physical (static) features that can be used for authentication, while behavioral features include signature, gait, and typing (dynamic).
Some biometric features, such as voice, share physical and behavioral aspects.
To add more context to that: in IT, "biometric authentication" or "computer biometrics" are defined as the application of statistical, mathematical techniques to the physical or behavioral characteristics of an individual for authentication, i.e., "verifying" their identity.
In this article, we will analyze two popular biometric authentication methods. We will study fingerprint and voiceprint, compare their advantages and disadvantages, evaluate security-related aspects, and provide you with some must-have information about biometric authentication in general.
Fingerprint vs. Voiceprint - Which Biometric Authentication Method Is Safer?
Not all experts agree that one particular biometric authentication method can be labelled the safest. What’s more, each one has its advantages and drawbacks, so you should consider many different aspects before the implementation of either (or any other) method.
Let’s compare fingerprint and voiceprint as biometric authentication methods and see whether we can conclude that either of them is the safer one.
Fingerprint as a Biometric Authentication Method - Is It Still Safe?
During recent years, fingerprints have been the most used biometric authentication method. They are used to unlock smartphones and laptops or to access control systems of restricted areas. It may seem that putting your finger on a reader and gaining immediate access to a protected location is a system that is not only secure but also quite convenient and effective.
The problem according to a study carried out by Cisco Talos, a threat intelligence group specializing in cybersecurity, is that it seems the security of fingerprint authentication is not as evident as it was a few years ago.
That research shows that fingerprint scanners are not sufficiently secure. In other words, the researchers managed to unlock and access several devices using a 3D printer, software, and low-cost glue.
As the author of a blog post titled Fingerprint cloning: Myth or reality? states, “Our tests showed that, on average, we achieved an ~80% success rate while using the fake fingerprints, where the sensors were bypassed at least once.” Then they continue stating that achieving this success rate wasn’t easy. Still, this level of success rate clearly shows that it’s possible to unlock devices secured by a fingerprint.
Fingerprint theft could be used not only to unlock a cell phone and read the owner's private messages, but also to access any other device or impersonate the owner to access their bank account and, for example, make purchases at the victim's expense. Fake fingerprints could even be used to forge documents and sign them online.
The good thing about fingerprints is that they are irreplaceable and very difficult to forge. In this sense, they are a more secure form of protection than alphanumeric codes, which can be compromised by attempting to use different combinations of numbers, letters, and signs. A drawback of this method, however, is that once someone succeeds in faking your fingerprint, they have it forever because you can't replace it or change it like you would if a password was stolen.
Voiceprint - a Safe Solution for Biometric Authentication
As mentioned above, there are many biometric authentication methods, and voiceprint is one of them. It works by analyzing voice patterns from a particular person and comparing them to those saved in a database.
To protect against voice impersonation, companies use biometric-based voice recognition software. The key to implementing this type of software is to record and analyze the natural and unique features of a person's voice and speech in the similar way as when a fingerprint or iris pattern is recorded.
Voiceprint is a secure authentication system which allows companies to achieve two things: to protect call centers from fraudulent calls and to protect impersonated people whose identity was stolen. A small voice sample is enough to identify someone and rule out imposters.
Biometric voice recognition systems are capable of identifying the unique features of each person's voice apparatus to create a user profile with a high level of accuracy. This is achieved by recording and analyzing personal traits such as the buccal and cranial cavity, vocal frequency, and other characteristic voice parameters.
Voice impersonation attacks using phone calls are on the rise as it is a cheap and, unfortunately, often pretty effective method of fraud due to poor security systems implemented in the targeted companies. Voice recognition technology using biometric parameters is not new. However, still too few businesses adopt it to protect themselves and more importantly, their users' or clients’ data against fraud.
The future of voice recognition using these techniques is exciting. You will be able to unlock your mobile phone, open your car, or sign a transaction with full legal validity with your voice being registered and completely secure.
Biometric Authentication - Things You Need to Know
Even though scientists work around the clock to improve biometric authentication methods, while organizations fighting against cybercrime are also highly active, you can’t ever rule out the risk of cybercrime or impersonation attempts.
That’s why you should be aware that biometrics, like any other industry or branch of science, has its limitations. There’s no single method that is 100% secure. Below you will find things you should know about biometric authentication.
1. Biometrics is Not an Unambiguous System
In the case of biometric authentication methods, there may be some doubts about ambiguity. Unlike password identification (“You either know a password or you don't.”), there may be some issues with recognizing fingerprints or facial characteristics. For example, an image of someone’s face may coincide to a large extent with how it looks in real life, but it might not be completely identical.
In such cases, problems can arise if the threshold for matches between photos and the real-life image is not well adjusted. If the threshold is too strict, the system may be ineffective if it rejects people who should be validated. On the other hand, if the threshold is not too strict enough you could validate unauthorized people. Also, there may be people with very similar physical features. It is not scientifically proven that fingerprints are unique, and in the case of the face, there are complications such as twins.
2. Biometric Data Are More Exposed to Public
Our facial features are often widely known, as we move around in public spaces and share photographs in digital places like social media. Even a fingerprint could be copied from images, as Chaos Computer hackers did in 2013 when they created a copy of the fingerprint of then-German defense minister, Ursula von der Leyen (source).
Fortunately, obtaining an image is relatively easy, but converting it into a 3D mold that works on a sensor is no longer so simple according to Cisco Talos (as mentioned above).
In addition, biometric recognition systems are evolving. For example, many facial recognition systems no longer validate a person’s identity if their eyes are not open or if they don't detect a certain movement. All of this additional security aims to prevent fraud with photography or a facial mask (source).
In other words, all cutting-edge biometric recognition systems (voice biometrics, facial recognition, vein recognition) are constantly evolving to make it harder for fraudsters to use fake biometric data.
3. Physical Features Used for Authentication Can’t Be Easily Modified
Fingerprints and irises have permanent features that we can’t easily change. This becomes a problem when someone gets hold of your biometric data and uses it to commit a cybercrime. Unlike in the case of a stolen password, if an attacker gets a hold of any of your permanent characteristics, then they can’t be much changed to prevent further use.
4. The Use of Biometric Data Can Cause Privacy Problems Due to Traceability
Suppose the use of biometric data was extended, and you could, for example, use a fingerprint or iris in many places or to access many systems. A cybercriminal with the access to a digitalized version of this fingerprint or iris could be able to make queries in compromised databases where this sensitive information was registered. As a consequence, such a person could access sensitive data or spy on someone.
How to Find the Most Secure Biometric Authentication Method?
When choosing a biometric authentication method, the general recommendation is to constantly analyze and seek the best options for shielding digital environments in terms of security, identification, and authentication. As they become more popular, they also become more vulnerable to cybercrime. Because of that, it is best to turn to technology experts who will offer you the most reliable biometric authentication method crafted to your company’s needs and requirements.