EPFL's Security and Cryptography Laboratory collaborated with startup Global ID to formulate an encryption method for processing biometric data taken via 3D finger vein recognition – a system that is next to impossible to forge.
It is very easy to counterfeit fingerprints, and existing biometric authentication systems are not adequately secure. That is the assessment of EPFL researchers researching biometric identification through vein recognition – a system that could be mainly useful for law enforcement, hospitals, and even banks.
Together with the startup Global ID, the EPFL team has developed a lot more secure identification system that processes data more safely than existing standards and that leverages 3D vein imaging technology created by the Idiap Research Institute in Martigny, the University of Applied Sciences in Sion (HES-SO Valais-Wallis) and Global ID.
Revolutionizing ID systems
2D vein recognition technology is already used throughout the world, but the system has its flaws. With 3D analysis, the risk of counterfeits is essentially non-existent since we all have different veins.
Lambert Sonna Momo, the founder of Global ID.
When someone places their index finger on the sensor, the vein scanner identifies them.
This scanner is portable and has potential for use in a wide range of applications, from border controls and financial transaction authentication to identifying patients in hospitals. Actually, efforts are already underway in this regard at Geneva University Hospitals and the University Teaching Hospital of Yaoundé in Cameroon.
Protecting your private life
An important aspect of confirming someone’s identity using biometrics is protecting their private data, which is the challenge at the core of EPFL’s project. "Guaranteeing data security is crucial, such as when countries want to store their data abroad," says Sonna Momo. To address this issue, Serge Vaudenay's Security and Cryptography Laboratory designed a system that uses homomorphic encryption: the scanner and identification mechanisms process the data without really decrypting them, so that people's data stays confidential.
The process thus eliminates the possibility of data being stolen when a person's biometrics are being gathered and verified. For instance, the scanners currently used at airports save the biometric data directly on the device in case the data is required again. And because of the innovative communication algorithms developed at EPFL, if any data is stolen, it is instantly traced back to the device from which the data was leaked.
Applications for developing countries
The system’s robustness makes it a particularly appealing solution for developing countries.
The current systems don't take into account these countries’ specific needs – their infrastructure is sometimes lacking and weather conditions can make things difficult.
The moderately inexpensive scanner (at about CHF 300) was tested on numerous people in Cameroon this February so as to expand the algorithms' accuracy to include all skin types.
Global ID is focused on creating a manufactured prototype for potential investors by this summer, and in the medium term, the startup company plans to offer "identification as a service" to governments and hospitals. That way, the identification system could be swiftly put into operation without an upfront investment in personnel or infrastructure.
A more secure biometric authentication system