Connect with us

News

Are biometrics the backbone of personal security in smart cities?

Published

on

Alexander Murzina

By: Alexander Migutsky, Advanced Technologies Specialist, Positive Technologies
Alexandra Murzina, Head of Advanced Technologies Department, Positive Technologies

What makes smart cities so fascinating is the level of personalization the ecosystem promises across essential daily staples including work, transport, payments, and complete control over applications at home.

With immeasurable IoT applications and effective use of big data analytics, smart cities will emerge a phenomenon that seeks to make us question how we ever managed to operate any other way.

Achieving this level of personalization won’t be easy though. A larger interconnected network requires paths to identify users so they can tailor their experiences to themselves. Whether it be biometric ID cards or authentication portals, users should be able to authenticate themselves and connect to networks using their personal information.

Biometrics are widely used in enterprise security, access control, and banking operations, with facial recognition and fingerprint authentication systems now commonplace in companies, subways, stores, and restaurants.

The demand for biometric technologies is being driven, among other things, by the increasing adoption of biometric systems in the automotive and consumer electronics industries.

But are biometrics geared to provide comprehensive support to smart city infrastructure?

According to Fortune Business Insights, the global biometric system market size is projected to reach USD 76.70 billion by 2029.

However, there are still safety concerns about how these systems operate and make decisions; questions arise – Exactly how safe are these systems? How do they work under the hood, how do they make decisions?

Positive Technologies’ in-house team of cybersecurity experts conducted a white hat investigation focusing on physical and cyber threats to machine learning systems, including attacks that aim to compromise system confidentiality and obtain data.

The goal of the investigation was to discover gaps within biometric security systems leading up to their inevitable integration into smart infrastructure. We hope that our findings can shed some much needed light upon how the industry can collectively ensure seamless connectivity and functionality within biometric authentication systems supporting smart infrastructure.

During our investigation, we took apart two biometric devices and examined their internal electronics.

Device 1

The first device is expensive and uses advanced technology with the latest biometric algorithms. It has a depth camera, two conventional cameras, and an IR dot projector. A depth camera uses a combination of technologies to obtain depth information, increasing the reliability of the biometric system, which means attackers would need to know the user’s face geometry and have the ability to recreate it. Naturally, a device with such technology is used in access control systems at airports worldwide. Such a device is bound to be a staple of central transportation hubs in smart cities. So, how reliable is the device really?

During testing, we discovered that the device has liveness detection to identify whether the biometric source is real. The cameras capture the image, which is then received by deep neural networks for processing.

We found vulnerabilities in the system, particularly through remote code execution (RCE) attacks, which allowed us to extract machine learning models and user vectors to recreate the biometric authentication algorithm. We attempted to restore a user’s face from the representation hidden in the database.

Although we had a shot at carrying out a successful attack, there was probably a lot of optical distortion in real conditions, due to which we lost some points.

Security analysis:

  1. Developers did not use depth camera data for authentication which allowed us to circumvent the authorization algorithm.
  2. The algorithmic assessment failed when we attempted to generate an artificial face matching a real person’s biometric pattern, but attackers could potentially succeed with more time.

Device 2

The second device we studied was a biometric terminal for tracking employees’ work hours – crucial to supporting enterprise workforces within smart cities. It wasn’t as advanced as the first device as it lacked CUDA cores for complex neural networks. However, it used machine learning algorithms from the 2010s and had two cameras: one conventional and one infrared for biometric authentication.

The infrared camera is the key feature of the terminal. It captures invisible details, making it difficult to trick the system. The terminal uses a cascade classifier, 15 Gabor filters, and an algorithm for local binary patterns in the infrared range to detect and analyze facial features. Although it has some vulnerabilities, such as recognizing the same user with and without glasses as different people, the combination of technologies provides decent defense against attacks.

Security analysis: The biometric terminal is less flexible than the first device because it uses only the infrared range and classic algorithms. Nonetheless, this design makes it more resistant to attacks.

Conclusively

Having studied biometric access control terminals that use different algorithms, we discovered that the terminal with neural networks is flexible and can authenticate users wearing masks, helmets, or makeup, but it can be hacked through considerably antiquated mirroring tactics.

The terminal using classic machine learning algorithms is more resistant to illegal authentication attempts. However, both terminals are vulnerable to remote code execution attacks.

Our recommendations for developers looking to strengthen biometric device security include:

  1. Using data from the depth sensor to distinguish between individuals.
  2. Conducting independent device audits.
  3. Collaborating with security researchers and be open to receiving help.

Developing devices for smart city infrastructure is a complex process that requires experts conducting diligent trial and error routines to ensure frictionless operational capacity across the grid.

Even highly skilled teams can make mistakes, leading to vulnerabilities in the final product. Being open to feedback from real users and experts are key to optimizing biometric applications within smart infrastructure.

By eliminating passwords and PINs, biometric authentication provides a disruptive step in the field of cybersecurity and alleviates concerns around the security of copious amounts of data needed in a hyper-connected ecosystem.

While designing IoT applications for smart cities, biometrics are the ideal solution to achieving personalization and privacy backed by seamless authentication, provided the machinery involved is treated with a pristine level of care and pressure testing.

Continue Reading

News

HID Recognized for Its Design Expertise as Bahrain’s ePassport Wins Multiple Prestigious Awards

Published

on

HID has recently achieved global recognition for its Bahrain ePassport project, clinching several top honors. These include the distinguished London Design Awards, the High Security Printing Award, and the iF Design Award. This suite of praises reinforces HID’s leadership in security design, showcasing its innovative approach to integrating cutting-edge security features with aesthetic and cultural elements.

Craig Sandness, Senior VP and Managing Director for Citizen Identity at HID, shares, “Our design philosophy is centered around seamlessly weaving security into the fabric of the document’s design. The Bahrain ePassport is a prime example of this approach, where innovation meets artistry. This is not just our success; it’s a shared victory with our Bahraini partners, local artists, and calligraphers. Together, we’ve crafted a document that is as secure as it is symbolic of Bahrain’s rich heritage.”

The Bahrain ePassport, celebrated for its innovative design, marks a milestone in document security by introducing the world’s first document-embedded hashtag, #teambahrain. This feature is more than a nod to digital savviness; it’s a strong symbol of national unity and a testament to HID’s ability to integrate modern digital elements with traditional security measures.

HID’s work on the Bahrain ePassport has been recognized across several categories in the London Design Awards, including Gold awards in Service Design for Government, Cultural, and Best User Experience categories, underscoring the project’s excellence in functionality, cultural sensitivity, and user engagement. The High Security Printing Award for Best New ePassport for EMEA and the iF Design Award in the Publications and Communications category further validate HID’s skill in creating secure, user-centered design.

The collaboration between HID, Bahraini authorities, and local artisans highlights HID’s commitment to incorporating local culture into its security designs. This partnership approach not only enriches the document’s aesthetic appeal but also enhances its acceptance and significance among citizens, demonstrating HID’s leadership in creating identity solutions that respect and celebrate cultural heritage.

“As we celebrate the one-year anniversary of the Bahrain ePassport, we look forward to continuing our journey of innovation,” adds Sandness. “We invite governments and organizations worldwide to join us in this journey of creating secure, innovative solutions that pave the way for the future of identity documentation.”

Continue Reading

News

Fitness First Marks Mother’s Day with Four Days of Free Access

Published

on

As Mother’s Day approaches, Fitness First is proud to honour and celebrate all mothers with a special gift of health and wellness. From 21 to 24 March, Fitness First invites all mums to enjoy complimentary access to its state-of-the-art facilities at any of its UAE-based clubs.

Recognising the invaluable role of mothers in our lives, Fitness First is opening its doors to mothers of all ages and fitness levels, offering them the opportunity to prioritise their well-being and embark on a journey to better health. Whether it’s a rejuvenating yoga session, an invigorating cardio workout, or a strength training class, Fitness First provides a wide range of fitness options tailored to meet the diverse needs and preferences of every mother.

In addition to offering access to top-notch gym facilities and equipment, mums visiting Fitness First during this special period will also have the opportunity to participate in group fitness classes led by certified instructors, and connect with other like-minded individuals in a supportive and motivating environment.

Continue Reading

News

Visa-free countries for UAE residents looking to book last-minute getaways this spring term break

Published

on

As UAE schools gear up for the upcoming spring term break starting from 25 March, residents are planning for their well-deserved getaways, ready to embark on new adventures and explore the world. Global travel marketplace, Skyscanner recommends these visa-free travel destinations for UAE residents this spring term break.

Ayoub El Mamoun, Skyscanner Travel Expert, invites families and adventure seekers alike to explore these captivating visa-free destinations

Seychelles starting from AED 2,711 – “A tropical haven with pristine beaches and lush greenery, Seychelles is perfect for family retreats. Explore Anse Lazio’s white sands or snorkel in vibrant coral reefs for a blissful escape.”

Georgia starting from AED 1,703– “Steeped in rich history, Georgia welcomes UAE residents to explore ancient monasteries, stunning landscapes, and vibrant cities. Georgia is becoming a regular tourist haunt for UAE residents given the sudden influx of Georgia tour packages and the family activities to be experienced.”

Jordan starting from AED 1,752 – “A treasure trove of ancient history and natural wonders, Jordan is a captivating family destination. From the rose-red city of Petra to floating in the mineral-rich waters of the Dead Sea, Jordan promises a timeless family adventure.”

Malaysia starting from AED 1,903 – “A melting pot of cultures and landscapes, Malaysia invites families to explore bustling Kuala Lumpur, beautiful Langkawi beaches, and vibrant neighborhoods in Georgetown. Trek lush rainforests in Taman Negara or dive into the colourful underwater world of the Perhentian Islands. Try Skyscanner’s multi-city search too to explore all that Malaysia has to offer.”

For travellers still deciding on a destination to visit this upcoming break, a Skyscanner ‘Everywhere’ search is one of the easiest ways to be inspired. Ordered by cheapest price, a search to ‘Everywhere’ shows travellers all the destinations available for your desired travel departure.

Skyscanner’s Everywhere search tool reveals return flights to visa-free destinations such as Thailand from AED 1,891, Philippines from AED 1,932, Azerbaijan from AED 1,634 and Malaysia from AED 1,976 round trip.

With the convenience of visa-free travel to various destinations, the options for an unforgettable getaway are endless. So pack your bags, book your tickets, and get ready for a stress-free holiday.

Continue Reading

Trending

Please enable JavaScript in your browser to complete this form.

Copyright © 2023 | The Integrator