Own Your Digital Identity

Together with a jewelry designer, Kaspersky shows how to avoid the risks of biometric authentication while retaining its convenience

You are the only person in this world who has your fingerprints, your irises, your facial features, your DNA. As such, it’s incredibly convenient to use them for authentication, proving that you are you. You probably already use it – to unlock your phone, to get a visa for another country, and maybe even to access your office.

But what if this data is leaked and someone else gains access to your unique identifiers? They will be able to pretend that they are you! They’ll be able to fake your fingerprints or your facial features and gain access to wherever you use biometric authentication. That’s a huge security risk.

37% – the percentage of computers engaged in collecting, processing and storing biometric data, on which malware was detected in Q3 2019.

5.4% of the aforementioned systems were attacked with spyware, potentially capable of exfiltrating biometric data.

1 mln biometric data entries such as fingerprints or facial recognition information were stored as plain text files in one publicly accessible database.

Source: Threat landscape for biometric processing systems, Kaspersky ICS CERT

When your password leaks, you can simply change it. But when your biometric data leaks, there’s not much you can do. You can’t replace your finger. You don’t have a spare index finger on your right hand.

But we are so used to the convenience of biometric authentication, is it possible to retain it without compromising ourselves? What if you could create a new finger? Or have something that you can use instead, for authentication? We at Kaspersky have thought about that and come up with a solution that potentially eliminates that particular problem of biometric authentication.

Here’s how it is possible:

Together with Benjamin Waye, Swedish 3D accessory designer, we came up with the idea of a beautiful ring that houses a stone comprised of thousands of conductive fibers suspended in a rubber compound that form a unique fingerprint.

That ring can be used to authenticate the user with biometric systems, such as a phone or a smart home door lock. And if the data of the ring fingerprint leaks, the user can block this particular ring and replace it with a new one – and their own unique biometric data won’t be compromised.

More facts about the ring

What is the ring made of?

Each ring has been 3D printed in silver and features a biometric stone – comprised of thousands of conductive fibers suspended in a rubber compound, with a unique fingerprint pattern. The smartphone fingerprint sensor reads the pattern, but also checks the conductivity of the stone.

How does it work?

The smartphone sensor picks up two features from the active biometric stone. First, it has the physical shape and texture of a real finger, with both the right pattern and flexibility. Second, it contains conductive fibers that activate the reader.

When the stone is pressed on a fingerprint sensor, the conductivity activates the reader. The fingerprint sensor then measures both the connectivity and the pattern of the fibers, and also compares the physical pattern of the fingerprint with the one that was set up on the device.

How is an artificial fingerprint created?

Each fingerprint pattern is developed by using a software tool that is freely available online. The pattern is then adapted on a form, used to 3D print a cast. In the cast, each fingerprint stone is molded. An additional layer is added to make the stone unique, as the biometric stone is comprised of thousands of conductive fibers suspended in a rubber compound.

How do you make sure this fingerprint is unique?

The uniqueness of each biometric stone is proven through a combination of the software generated fingerprint and the thousands of metal fibers that randomly form a pattern. The combined information is not stored anywhere, ensuring no one has access to it.

What if a ring was lost? Does it mean a fingerprint will be leaked?

If the ring is lost, its artificial fingerprint can be removed as an authentication method from digital devices and replaced with another method or another ring. It does not mean that a fingerprint will be leaked.

Can I create such a ring at home?

Kaspersky wouldn’t advise producing the ring at home. Although the silver part of the ring is 3D printed, the biometric stone is molded and this is a complicated process.

Can I buy the ring?

At the moment Kaspersky has no plans to sell the ring. It is not a product but the result of a collaboration between us and the designer, aimed at drawing more attention to security related issues surrounding biometrics. We believe they must be solved through technology and on the devices that are used to process such valuable data, not by customers.

The ring is just a concept. It’s not a perfect solution, however, it works with what we have now. Yet in the future that we help build, where every computer and device that processes and stores biometric data is built with security in mind, there will be no need for this ring. These systems will be immune to attacks and leaks thanks to their architecture built on secure by design systems such as KasperskyOS.

Read more to learn about biometric authentication, the issues that it faces, the solutions it brings and the current state of the technology:

Is biometric banking secure?

Is biometric banking secure?

ATMs will soon use fingerprint readers and iris sensors to identify customers. But is biometric authentication as secure as advertised?

Kaspersky Security Cloud

— Let’s you know if breaches happen

— Provides a password manager for convenient and secure password storage

— Helps set up devices and apps to ensure security and privacy

— Protects against malware and phishing attacks

— Helps back up your data

Be in control of your information!