British biometric ID card system vulnerable to cloning free RSS news feed from the Biometric News Portal

11 November 2008
TSSI has branded the Government proposal by Home Secretary Jacqui Smith to ask companies such as the Post Office to collect biometric data as irresponsible. It said that such a system that allowed private companies to gain ownership of public identity data could be vulnerable to abuse.

“Handing over the keys to public identity data to organisations such as Royal Mail will open up a whole new can of worms. It seems preposterous to put public data into the hands of a third party when data loss is as commonplace as it is,” said Stewart Hefferman, COO, TSSI Systems Ltd. “It’s clear now that the government has intended to link the ID card scheme into its other services. I’ve been concerned about such an extension of ID card use since they were very first announced.”

“The big concern with ID verification is impersonation. Unfortunately, the Government’s ID card scheme does not go far enough to address this problem – and by opening up a photo kiosk style fingerprinting service at a post office with data made accessible to various employees – will further exacerbate the problem.”

“The two main weaknesses are firstly, an over-reliance on biometric security, and secondly, the preference for centralised data storage. Together these leave the ID card system vulnerable to cloning.”

“Stronger verification technology needs to be in place. Biometric technology alone does not suffice to prevent fraud – despite strong encryption, the Dutch biometric passports were cracked soon after launching. Unfortunately, there is no such thing as a 100% secure solution – and saying you’ve got one is an open invitation to hackers! All you can do is minimise the risk as far as possible.”

“What’s needed if the ID card scheme is to work, is a belt and braces approach. Storing the biometric data as an algorithmic encryption makes it impossible for even the most sophisticated fraudster to read or substitute. Even authorised personnel – and therefore any successful hackers or corrupt employees - would only be able to view binary code, and not the finger, iris or facial data itself. They would also be unable to replicate the algorithm to clone the card.”

“The way the information is stored and structured needs to be carefully implemented to avoid sowing the seeds of disaster. Storing this data centrally and then linking this into a variety of databases is a security concern. Other countries such as France and Italy have stipulated that biometric information is stored only on the cards themselves – thus still within the possession of the individual.”

"If it is stored centrally, then the biometric data must be stored separately from any other personal data. This would make it harder for any hacker to join up the dots and steal someone’s identity or clone a card. I also strongly advise that back-end systems enable an audit trail of those personnel who have accessed individual records on those back end systems.”

print versionPrint version | email this to a friendEmail to a friend | view other articles View other articles

Latest Biometric articles

 Secon 2013 to showcase latest technology in Video Surveillance, Access Control, Biometric Recognition, Alarm Monitoring

 New Biometric Terminals For Employee Self Service And Workforce Management From Accu-Time Systems

 Biometric identification technologies, Neurotechnology showcases MegaMatcher 4.4 multi-biometric technology for large-scale applications and updates

 Neurotechnology Launches SkyBiometry Spin-off Company to Deliver SaaS Biometric Identification and Feature Analysis

 FbF LiveScan for Defense Industry Applicant ID introduced by Fulcrum Biometrics

 Samsung Launch License Free Network Video Surveillance Software

 Cartes Used by Access to unveil ultra compact e-passport and ID readers for high speed data capture

 Global Voice Biometrics Leader - Nuance Communications

 New Audit Programs on Cybercrime, Biometrics, E-commerce and VPN Issued by ISACA

 VidSys Expands EMEA Presence to Address Growing Demand for its Physical Security Information Management Software

...[view more Biometric articles]...


Security websites for specific products:

Security websites for specific markets:

Biometric system links
directory of biometric systems suppliers
Search directory Register your company
Biometrics books
Security books