INNOVATE
Biometric Technologies for Voter Authentication
Identifying Voters with Physiological Characteristics
As we have discussed in previous articles, the correct identification of everyone who casts a vote using an online voting system is crucial to verify their eligibility to participate in the election. Biometrics are based on the recognition of physiological characteristics of certain parts of the human body or on patterns of a person’s behavior. Examples of the first type are fingerprint, facial, voice and iris recognition, and of the second type are writing rhythm and movement of the mouse.
In order to use a biometrics system, it is necessary that each user conducts a first step called “enrollment” in which biometric information of the user is read. Processing this information, a set of features that represent the main characteristics obtained from the reading can be extracted. Then, a biometric template is created and stored. The biometric template contains the relevant features needed for the identification of the user. After this step, the user can start using the system. When an identification is needed, a reading is done again from which the biometric features are extracted and compared to the biometric template created during the enrollment step. If they match, the authentication will be considered positive.
Biometry can be used in different manners and for different purposes. We can distinguish three cases:
This is the most complex case and consists of only using biometrics to guess who a person is, or, in other words, to associate that person with a certain identity or user account. This approach is quite common to enforce access control in certain facilities, where fingerprint readers are installed close to the doors and are used to restrict entrance to only authorized staff. The main challenge with this use of biometrics, however, is that the bigger the database of biometric templates is, the more probable it is to have incorrect identifications and for unauthorized people to gain access.
In this case, the biometric factor is used alongside other authentication factors. Thus, the aim is not to guess whom the biometric reading presented belongs to, but rather to use the reading to confirm the identity of a person that has already identified themselves through another authentication factor (e.g., the person can be identified with the unique number of a national ID or with their name and surname). Two different approaches can be distinguished in this case, one in which the biometric templates are stored in a central database, and another where they are distributed to users in physical tokens, such as in smartcards or eIDs.
In the first approach the identity provider keeps a database with the biometric templates of each user. Users are then asked to conduct a biometric reading during the authentication process, which is then compared to their corresponding template. In the second approach, a user first authenticates their identity with an electronic identifier that holds their biometric template. The user then conducts a biometric reading, which is compared to the template on their eID to ensure that the person requesting access to the system is the owner of the ID (in certain cases this has been done with non-electronic IDs, by comparing the picture of the ID with a picture taken at the authentication time, however this would require the application of techniques to ensure that the photo of the ID has not been forged).
This is the most common case nowadays, where a biometric authentication is used to enforce access control over a certain asset that is usually within a smartphone (such as access to a mobile application, the phone’s capabilities, a private key stored on the phone, etc.). This is comparable to how a physical locker is used to control who can access the contents inside (only those with the correct code). In this case the biometric templates of the user are just stored on their own phone and are used as an access control mechanism. This could be considered as a subcase of the first one, the identification of a person, but with a very small database of biometric templates usually owned by an individual or just a few users.
The use of biometrics has been controversial, though, because it requires the creation of databases with user biometric templates to verify that the data obtained from the biometric reader match a certain template. However, nowadays biometry has become more popular with its introduction in smartphones and mobile devices in which biometrics is used to provide access control to the device itself or to assets on the phone. We believe that in the future, the use of biometrics as an additional authentication factor will become more and more common as users become more and more familiar with the technology after using it on their smartphones.
Also, from a user privacy perspective, there are solutions both at technical and at legal levels to protect personal data. For example, the biometric templates that are stored in databases, can be generated with one-way functions that do not allow the possibility to reconstruct the original biometric information from the template (e.g. from a biometric template created with one-way functions for face recognition, it will not be not possible to recreate a picture of the face, or even an approximation of it). Also, from a legal point of view, privacy laws such as the EU GDPR ensure that all the personal data, such as the biometric templates, is correctly processed and protected.
This article was written by Jordi Cucurull, Cryptography Researcher at Scytl.
