April 5, 2017
A more secure biometric authentication system
EPFL's Security and Cryptography Laboratory joined forces with startup Global ID to develop an encryption technique for processing biometric data captured via 3-D finger vein recognition – a system that's next to impossible to counterfeit.
It's too easy to fake fingerprints, and current biometric authentication systems are simply not secure enough. That is the view of EPFL researchers studying biometric identification through vein recognition – a system that could be particularly useful for hospitals, law enforcement and even banks.
Now EPFL's Security and Cryptography Laboratory and the startup Global ID have developed an even more secure identification system that processes data more safely than current standards and that leverages 3-D vein imaging technology developed by the Idiap Research Institute in Martigny, the University of Applied Sciences in Sion (HES-SO Valais-Wallis) and Global ID.
Revolutionizing ID systems
"Two-dimensional vein recognition technology is already used throughout the world, but the system has its flaws. With 3-D analysis, the risk of counterfeits is essentially non-existent since we all have different veins," explains Lambert Sonna Momo, the founder of Global ID. The vein scanner identifies someone when they place their index finger on the sensor.
This portable scanner has potential to be used in a wide variety of applications, from financial transaction authentication to border controls to identifying patients in hospitals. In fact, efforts in this regard are already under way at Geneva University Hospitals and the University Teaching Hospital of Yaoundé in Cameroon.
Protecting your private life
A key aspect of verifying someone's identity using biometrics is protecting their private information – the challenge at the heart of EPFL's project. "Guaranteeing data security is crucial, such as when countries want to store their data abroad," says Sonna Momo. To resolve this issue, Serge Vaudenay's Security and Cryptography Laboratory developed a system that uses homomorphic encryption: the scanner and identification mechanisms process the data without actually decrypting them, so that people's information remains confidential.
The process therefore eliminates the risk of data being stolen when a person's biometrics are being taken and verified. The scanners that are currently used at airports, for example, save the biometric data directly on the device in case the data needs to be reused. And thanks to communication algorithms developed at EPFL, if any data is stolen, it is immediately traced back to the device from which the information was leaked.
Applications for developing countries
The system's robustness makes it an especially interesting solution for developing countries. "The current systems don't take into account these countries' specific needs – their infrastructure is sometimes lacking and weather conditions can make things difficult," explains Sonna Momo. The relatively inexpensive scanner (at around CHF 300) was tested on several hundred people in Cameroon this past February in order to improve the algorithms' accuracy for all skin types.
Global ID is aiming to produce a manufactured prototype for potential investors by this summer, and in the medium term, the startup hopes to offer "identification as a service" to hospitals and governments. That way, the identification system could be quickly rolled out without an upfront investment in infrastructure or personnel.