Together We Stand: Will Biometrics and Blockchain Build a Joint Future?
Biometrics has firmly entrenched itself as one of the leading technological trends of the FinTech Industry in 2015.
Biometrics has firmly entrenched itself as one of the leading technological trends of the FinTech Industry in 2015. While Biometrics have been used for more than 15 years now, over the past 12 months there has become a far greater demand for them.
The market numbers speak for themselves - according to prognosis' from different sources, the size of the market is currently larger than 10 bln USD$, by 2020 this number will reach nearly 24 billion USD$, growing at a CAGR of 17.9%. To add on to this, an investigation by Goode Intelligence has shown, that by 2017 more than a billion people will be using biometric authorization for their banking needs.
A Replacement for PIN
While mobile payments and online banking have firmly entrenched themselves in day to day life, the problem of personal information security on the internet has become exceptionally topical in recent days. It can't be said that the growth in interest is in anyway connected with radical innovation since biometrics has been actively used for more than 15 years now. However, in the past year these technologies have become far more demanded. The results of a vote carried out among the participants of the Money 20/20 conference in Las Vegas show that up to 28% of responders confirm that biometrics will have a huge impact on preventing theft in the system of online payments.
The secret reason for the popularity of the biometric authentication technology is quite simple. What are most popular methods of authentication nowadays? Passwords and PINs, which are, in a sense, precise sequences of symbols, generated by a system or a user. No matter how complex you make the system hackers and cyber-criminals will not be particularly stumped in breaking the code. Plus, there always exists the risk of simply forgetting or losing the password, especially if the password is particularly difficult.
While Biometrical authentication is capable of completely solving these problems. The user will no longer be forced to come up with long passwords to remember. In a sense, now he or a part of him becomes the password.
Simple Yet Secure
This system is both quick and comfortable. Instead of spending time typing in a sequence of numbers and symbols every time you want to access your information, you will have to spend no more than a few seconds making a small, simple gesture - such as putting your finger on a scanner - the authentication procedure will be completed.
Also it is considered very secure. It is self-evident, that biometric specifics, essentially being the physiological characteristics of an individual, are connected only to one particular user, and passing yourself off for someone else with these parameters becomes essentially impossible. These specifics are impossible (or at least, incredibly difficult) to mimic. Of course, some anomalies can happen, such as two people having nigh identical fingerprints, with minimal differences. However, the more biometric technology advances, the more sensitive it becomes to these differences.
It could be even more interesting to look at the possibilities of biometrics in the context of another major technology trend of the current day - the blockchain. This kind of correlation is no surprise - in the same vote put forth at the Money 20/20 conference, the Blockchain took a coveted third place. Many people are talking about biometrics nowadays - but far more are talking about the Blockchain. Both technologies are working in the same direction - securing the safety of monetary transactions in cyberspace. That is exactly why, the idea of combining these two technologies is hardly fringe.
You would think, that the merger of two reliable and promising technologies is capable of doubling the security of your personal information. However, as it often happens when discussing new technological trends, opinions tend to differ.
Andreas M. Antonopoulos, a world famous expert in Security Systems expressed his skepticism.
"I don't see any advantages in integrating biometrics into blockchains, directly. Perhaps if the biometric is a pre-image of a hash, then the risk isn't too great and it can be used later for verification. Otherwise, the public and transparent nature of blockchains makes the weaknesses of biometrics worse" - declared Antonopoulos.
According to the expert, the weaknesses of biometrics lies in several aspects. First, it is rather easy to copy, which has been proven multiple times in the security industry. Second, having been stolen, they (who they?) cannot be changed, which makes biometrics only viable as a secondary form of authentication. Third, biometrics is vulnerable to a criminal applying hard force - for example, physically forcing a user to place his/her finger to a scanner. In such a situation biometrics cannot act as an independent security system, other layers are necessary.
On the other hand, there are other experts who look at the integration of biometrics in the blockchain purely from a positive standpoint. For example, Michel Chajes, a professional with a rich background in the sphere of Security and Biometrics.
"I think it's a good idea to combine the use of biometric templates and the strongly reliable way data are handled in Blockchain database as in the system developed to manage the cryptocurrencies such as Bitcoin, to develop a strong way to secure banking or financial transactions using own biometric data of the customer."
- Andreas M. Antonopoulos
The Founder’s Argument
Johann Caubergh, the head of BioSSL and a veteran of the biometrics industry (with 15-years’ experience), sees a major potential for the possibilities which biometrics unlocks for the blockchain. In his own words, the possibilities of biometrics can complement the blockchain, rid it of its current potential weak spots, and fortify the security of information from the side of the user.
“The strength of the chain is measured by the weakest part. In blockchain it is the user himself.
So the stronger the security is in the network and the blockchain is self-supporting security, the weaker it is for the user. By creating a biometric password, the user will be owner of his data… for life.”
Taking into account all these opinions, there seems some kind of contradiction. After all, biometric specifics are unique to each user, and as we have discussed, are tied to a particular individual. On the other hand, one of the advantages of the blockchain lies in its anonymity. What if the integration of biometrics within the blockchain completely invalidate this advantage?
Once again, opinions differ. Andreas Antonopoulos states:
"By embedding into a blockchain, the irrevocability of biometrics is added to the immutability of a blockchain which makes dealing with compromised biometrics even more difficult. While biometric registration may not reduce anonymity directly, it can be used to enhance statistical analysis of activity, so that the leak of a single identifier can destroy all privacy."
On the other hand, Michel Chajes once again presents an argument in defense of biometrics:
"Biometrics can be used to secure such transactions, only if the biometric data are anonymous, cannot be hacked without alarm, or accidentally or maliciously altered […] I do not see drawbacks of such a solution, besides it guarantees the anonymous side of the biometric templates of the user, there is no way to link his biometric data to his identity if he doesn’t want it."
Johann Caubergh is also sure, that these sort of concerns are unfounded. He defends his point of view with several counter-arguments. According to him, simply using biometrics for authentication on its own does not constitute a break from anonymity for the user. Everything else depends on him - while going thru the registration process it is his own volition to divulge his personal information, and how much of it. He can decide whether he wants to link his biometric specifics to his email address, or to his passport serial number - but this is all left up to the user himself, and if he even wants to keep his real name a secret, no one is forcing him otherwise. “The biometric information does not carry a name. It is a password.” - says Johann Caubergh.
Besides this, BioSSL, acquiring the biometric information of the user, never saves their image - whether that be a fingerprint scan or a picture of the users face. In this lies the unique approach of the company to the problem of web security - information that the company receives, is generated into a sequence of data/hash, which even in a decrypted state does not carry any sort of information that hackers or cyber-criminals could use; as such, reverse-engineering the users face or fingerprint becomes impossible.
Interest and optimistic outlooks in regards to the merger of biometrics and the blockchain are shared not only by experts and industry veterans, but by another important group, investors. This tells us that in the future, with the necessary financial backing, the symbiosis of this two technologies can become an entirely new branch of developing web security systems.
Simon Dixon, CEO BnkToTheFuture.com and Fund Manager Bitcoin Capital, says:
“Passwords have failed us. They are just too hard to manage securely. It is looking like our iris and other biometric data like fingerprints are set to be our passwords of the future as more and more devices integrate with technology like BioSSL. Storing that biometric data is the next major challenge ahead though as biometric data is likely to be the next major target for hackers performing identity theft and financial fraud. Fortunately, Bitcoin gave us the Blockchain where data can be stored cryptographically across thousands of computers free from hackers as well as companies and governments. Biometrics and Blockchains have the potential for consumers to win the war on privacy and personal security of their identity and data. I look forward to this going mainstream.”
Speaking on the future integration of BioSSL in the Blockchain, Johann Caubergh also shared with us his rather grand-scale plans - so, the company plans to introduce DNA-authentication for each block. “This is the biggest challenge, where we will go inside the blockchain, so that every block in the blockchain will have a DNA of the user. Controlled by the user. Owned by user. For life. And only by his/her authority transmit to a new owner.” - tells us Caubergh.
Will these grand plans be realized? Only time will tell. It's self-evident though, that the integration of biometrics within the blockchain makes a lot of sense. There can never be such a thing as too much security, and if there is a way to defend our information even better - why not give it a shot?