A solution to remote biometric identification

Abstract

Identification is an essential part of security in most systems. There are many technologies and protocols supporting this functionality. Biometrics is considered promising because of ease of use from the user's viewpoint. They are also helpful if physical user presence has to be guaranteed. This paper studies security of biometrics if used in distributed and unprotected contexts. It demonstrates that an unprotected architecture is vulnerable to trivial attacks and that the use of biometric technologies in the user identification process may significantly undermine the security chain of the whole system. A solution which removes most of the difficulties is presented and discussed in the context of a distributed e-health application.