Using biometric data to protect information

Objective. An urgent task is to evaluate the system for protecting access to information while minimizing errors, based on the use of human biometric data. It is necessary to evaluate and compare methods and solutions of biometric authentication, and the possibility of combining them.

Method. The method for assessing and comparing biometric authentication methods and solutions is based on practical experience and regulatory and technical documentation on the use of biometric data for information security purposes. It is necessary to complicate the possibility of unauthorized access to information. At the same time, improving the system should not worsen the comfort of a legitimate user when trying to access. The remaining tasks are to reduce entry time and simplify the system.

Result. An assessment of biometric authentication methods and solutions was carried out and a solution was proposed for the development of biometric authentication systems to protect against unauthorized access, the key criteria in which were the complexity of hacking, user comfort, login time and simplification of the system.

Conclusion. The optimal solution in the development of biometric authentication systems would be to use multi-factor authentication using dynamic parameters of the access subject. A modern biometric authentication system should be installed taking into account the level of security required at the time.

1. On Information, Information Technologies and Information Protection Federal law No 149-FL dated 27.07.2006/ [Electron. Res.] Access mode: https://www.consultant.ru/document/cons_doc_LAW_61798/ (In Russ).

2. On Personal Data Federal law No 152-FL dated 27.07.2006 / [Electronic resource]. Access mode: https://www.consultant.ru/document/cons_doc_LAW_61801/(In Russ).

3. On the Identification and (or) Authentication of Individuals Using Biometric Personal Data, on Amendments to Certain Legislative Acts of the Russian Federation and Invalidation of Certain Provisions of Legislative Acts of the Russian Federation. Federal Law No 572-FL dated 29.12.2022 / [Electronic resource]. Access mode: https://www.consultant.ru/document/cons_doc_LAW_436110/ (In Russ).

4. On Approval of the Regulations on the Unified Personal Data Information System that Ensures the Processing, including Collection and Storage, of Biometric Personal Data, their Verification and Transmission of information on the Degree of their Compliance with the Provided Biometric Personal data of an Individual. Decree of the Government of the Russian Federation No 1089 dated 16.06.2022 / [Electronic resource]. Access mode: https://www.garant.ru/products/ipo/prime/doc/404747823/ (In Russ).

5. GOST R 50922-2006. Information protection. Basic terms and definitions // Moscow: Federal Agency for Technical Regulation and Metrology. 2008;7./[Electronic resource].Access mode: https://docs.cntd.ru/document/1200058320 (In Russ).

6. GOST R 52633.0-2006. Information protection. Information security techniques. Requirements for highly reliable biometric authentication tools. 2007;19/[Electronic resource].Access mode: https://docs.cntd.ru/document/1200048922 (In Russ).

7. GOST R 52633.1–2009. Information protection. Information security techniques. Requirements for the formation of databases of natural biometric images intended for testing highly reliable biometric authentication tools. 2010; 19. [Electron. Res.]. Access mode: https://docs.cntd.ru/document/1200079555 (In Russ).

8. GOST R 52633.2–2010. Information protection. Information security techniques. Requirements for the formation of synthetic biometric images intended for testing highly reliable biometric authentication tools. 2018; 18. / [Electronic resource]. Access mode: https://docs.cntd.ru/document/1200081163 (In Russ).

9. GOST R 52633.3–2011. Information protection. Information security techniques. Testing the resistance of highly reliable biometric protection tools to selection attacks. 2018; 11. / [Electronic resource]. Access mode: https://docs.cntd.ru/document/1200088765 (In Russ).

10. GOST R ISO/IEC 19795-1-2007. Automatic identification. Biometric identification. Operational tests and test reports in biometrics. Part 1. Principles and structure. 2019; 50. / [Electronic resource]. Access mode: https://docs.cntd.ru/document/1200067413 (In Russ).

11. GOST R ISO/IEC 19795-2-2008. Automatic identification. Biometric identification. Operational tests and test reports in biometrics. Part 2. Methods of technological and scenario testing. 2009; 42. / [Electronic resource]. Access mode: https://docs.cntd.ru/document/1200073050 (In Russ).

12. GOST R ISO/IEC TO 19795-3-2009. Automatic identification. Biometric identification. Operational tests and test reports in biometrics. Part 3. Features of testing with various biometric modalities. 2010; 23. / [Electronic resource]. Access mode: https://docs.cntd.ru/document/1200075111 (In Russ).

13. GOST R ISO/IEC 19795-4-2011. Information technology. Biometrics. Operational tests and test reports in biometrics. Part 4.Compatibility tests. 2012;49./[Electronic resource].Access mode: https://docs.cntd.ru/document/1200087807 (In Russ).

14. GOST R ISO/IEC 19795-6-2015. Information technology. Biometrics. Operational tests and test reports in biometrics. Part 6. Methodology of operational tests. 2016; 27[Electronic resource]. Access mode: https:// docs.cntd.ru/document/1200122961 (In Russ).

15. FSTEC of the Russian Federation. Guidance document. Protection against unauthorized access to information. Terms and definitions. (In Russ).

16. Bryukhomitsky Y.A. Biometric technologies of identity identification; Southern Federal University. Rostovon-Don : Southern Federal University Press, 2017; 263. (In Russ).

17. Ivanov A. I. Neural network algorithms of biometric identification of personality. Moscow: Radio Engineering, 2004; 143. (In Russ).

18. Martynova L. E. Research and comparative analysis of authentication methods. Young Scientist. 2016;19: 90-93. (In Russ).

19. Biometric systems / Journal for managers and security specialists Secutek. Security systems. 2019; 2:126. (In Russ).

20. Facepass. Journal for managers and security specialists Secutek. Security systems. 2022; 3: 134. (In Russ).

21. Placement of biometrics in the unified biometric system (UBS). Journal “Information Security” Information security itsec 2022;4: 56. (In Russ).