With the help of technical means, it is impossible to completely protect against leaks of any data, including biometric ones, but you can try to make this data useless for cybercriminals. This was told to Izvestia by Alexander Chernykhov, leading expert of the Information Security direction of the IT company CROC, on Thursday, April 15th.
According to him, at the moment it is more correct to speak not about fake biometrics, but about the theft of already collected data, although deep fake technologies (fake biometrics) are becoming “more widespread”, but so far “they cannot replace a real person by 100%.”
To protect against theft of such data, you can, for example, use the technology of “revocable biometrics”, which is based on “deliberate corruption of biometric data based on a pre-selected algorithm. The biometric signal is equally distorted both during registration and during each identification.
“This approach allows you to use a different method for each record, which prevents cross-matching. And in case of theft of data, the organization will simply need to change the algorithm for making changes and the data stolen by intruders will no longer be used, ”the expert concluded.
Dmitry Galov, a cybersecurity expert at Kaspersky Lab, believes that the creators of systems that use biometric data should take care of security measures for collecting and processing images and personal information. In this case, the risks of their use will be “small”.
“The base itself must be stored in an encrypted form, and when comparing images, it is necessary to use hashes – numeric codes that are obtained as a result of image analysis according to certain algorithms. Thus, even in the event of a leak, the original data will be impossible to recover, ”he stressed.
Earlier on Thursday, the Kommersant newspaper, citing the passport of the Digital Citizen Profile project, which is being developed by the National Innovation System working group led by Deputy Prime Minister Dmitry Chernyshenko, said that Rostelecom, together with the Cabinet of Ministers, will restart the Unified Biometric System (EBS). To obtain biometric data of 50 million Russians, primarily through the MFC, the state company will spend 6.6 billion rubles until 2030. In the previous three years, biometrics were collected from 164 thousand people.
On the same day, Deputy Minister of Finance Alexei Moiseev at the conference “Technologies and Trust: Protection of Authenticity and Identification” said that counterfeiting biometrics could become a serious problem for society in the future. He noted that there is still no understanding of what a person should do if his biometric data has been compromised.
In Russia, customers who have submitted face casts and recorded voice samples to the EBS can remotely open a bank account that already has such functionality. By January 1, 2022, such an opportunity should be organized by all credit institutions with a universal license.