When discussing biometric data and its application for authentication and identification, it’s important to differentiate what the various terms involved mean. Authentication simply means demonstrating to a biometric scanner that your biometric data matches the biometric data that was entered and associated with you – or another individual – previously. Identification means determining that a person is who they say they are. This difference, illustrated by this article in Techpinions, is important to understanding the reliability of biometric data and whether or not it is easy to falsify.
The IEEE published a paper on biometrics in which they point out an important difference in the various security methods commonly used today. Some of the security methods rely on what you know. This would be, for example, an email system that requires you to enter a password to gain access to it. There are other systems that authenticate you based on what you have. For example, if you went into a nightclub and you presented a driver’s license, the bouncer might scan that license to determine that it was valid and, because you have a valid identification that has your picture and your information on it, they can determine that you are of legal age to gain access to the club.
The third type of identification detailed by the IEEE and the one most important to biometrics is based on what you are. This can be determined from a fingerprint, official recognition scan and other data. How difficult it is to forge this information really depends upon the quality of the technology that is used to authenticate that information.
There have been instances where people have managed to fool technology and authenticate themselves biometrically as someone else. For instance, a researcher whose work is detailed in the IEEE paper utilized gelatin to make a fake fingerprint that was 80% effective in fooling biometric scanners. As the paper points out, however, the technology being developed for biometric identification has been adapted so that it can identify sweat pores, check the conducting properties of skin and so forth. To some extent, one can take from this that the difficulty of forging biometric data is directly related to the technology used to read biometric data. The more sophisticated and sensitive to specific types of fraud that the technology is, the more reliable the biometric authentication will be.
How Hard Is It?
Again, this comes down to the overall sophistication of the technology being used. The Apple iPhone fingerprint scanner has already been hacked by the Chaos Computer Club. According to the Chaos Computer Club, the sensor used on these devices is really only more sophisticated than previous devices because it has a higher resolution. Making a higher resolution fake allowed the club to hack the device.
A more sophisticated sensor, however, that took into account other biometric data that the iPhone scanner did not would likely not be so easy to fool. Forging biometric data is exceptionally difficult, but possible, but is made very unlikely when the sophistication of biometric scanners is increased.