How to protect biometric authentication systems
24 Aug 2018In a world where sensitive information can be easily stolen, it is crucially important to protect it with the help of strong security systems. One of the latest methods of protecting information is biometric authentication that is gaining popularity worldwide. Besides, it seems to be reliable and hard to be forged by attackers. So let us see how the system can become a target for hackers and what steps should be taken to prevent that.
What biometric authentication is
Let us start with a definition. Biometric authentication is a user identity verification process that involves biological input, or the scanning or analysis of some part of the body. Today biometrics are often used as an alternative to traditional authentication methods because it brings convenience and reduces the hassle of losing and remembering complex passwords. Passwords are considered obsolete because they can be easily guessed, stolen or illicitly acquired by covert observation. Meanwhile, biometric authentication is based on a person’s uniqueness. Biometrics are exceptional traits or behavioral characteristics that can be captured and used for individual identification through different biometric modalities such as: fingerprint, finger vein, palm vein, iris, facial or voice recognition. Using biometrics for individual authentication is fast and it can instantly identify anyone within a matter of seconds. Furthermore, every individual, even identical twins, carry unique individual biometric characteristics.
How hackers steal biometrics
Popularity of biometric authentication is constantly increasing. But at the same time increases the number of threats associated with their use. The main one is the danger of critical information leakage — both personal and corporate. Thus, today data protection is the most important area of computer security experts’ work.
If a hacker receives sensitive information, a victim can no longer do anything and their data will always be under threat of unauthorized access. Biometric information is stored in the database in an encrypted form, and a person passing the authentication procedure receives a reply ‘yes’ or ‘no’ on a device. The system encrypts and decrypts the information when interacting with the database. The decryption key is stored somewhere inside the system. If the code of a similar system is disassembled, anyone will be able to find the key. If anyone can access users′s data it does not matter how effectively they were encrypted, because any hacker can replace them.
Therefore, the biometric authentication system needs strong and powerful protection, which do not allow hackers to introduce malware into the software environment.
How to protect biometric authentication system
StarForce developed two products that are StarForce C ++ Obfuscator and StarForce Crypto in order to protect biometric authentication technologies. The solutions complicate the process of analyzing application, so that hackers cannot understand how it works and then could not recreate the process of making the necessary changes.
StarForce C++ Obfuscator is highly recommended when protection applications against hacking is critical, for example, protection of encryption keys or other sensitive data that should not be lost. If such a breach happens, it affects both the software developer and the service provider and it eventually may lead to a serious financial loss.
The solution is used for obfuscating the source code written in C and C ++ for any operating system.
The main feature of the solution is the support of more than 30 code obfuscation methods, which can be switched on and off independently of each other and can be fine-tuned. The main methods that are used in StarForce C ++ Obfuscator are masking variable access, mixing code execution graph, insertion of dummy links to the execution graph, duplication of graph branches, dynamic graph branching and etc.
Another product developed by StarForce is Crypto which protects code sections and data that represent intellectual property and are crucial to protect from a business perspective. It provides reliable protection by eliminating any possible ways of understanding the logic of the application.
StarForce Crypto can be used for protecting Windows-based applications that can be distributed on CD/DVD discs, USB drives, and over the Internet against hacking, modification and reverse engineering.
StarForce Crypto is installed via the Internet anywhere and at any time convenient for a developer.
There is an extra opportunity to protect biometric authentication system by using a special technology that provides the binding of the protected application to a CD/DVD disc, a PC or a server, with the help of other StarForce products.
The products StarForce Obfuscator and StarForce Crypto secure biometric authentication system against reverse engineering, providing reliable protection of sensitive information.