When your password on an account is compromised, you change it. But what happens when your password is your fingerprint?
Facial recognition, fingerprint Touch ID, iris scanning and even voice commands to Alexa or Siri are all examples of technology that use our biometric data to access personal information. Nima Karimian, assistant professor of computer engineering at San José State, recently received a grant from the National Science Foundation (NSF) to better understand how to keep that data as safe as possible.
Karimian was awarded $175,000 from the NSF Computer and Information Science and Engineering (CISE) Research Initiation Initiative (CRII) to strengthen biometric security systems, particularly from breaches known as side-channel attacks. Those infiltrations rely on details gathered when a system is designed and implemented — like the amount of time it may take a user to enter a password.
The NSF CISE award supports research among early-career faculty who are in their first three years in an academic position after earning their PhD. The CRII program provides resources to help early-career primary investigators launch a career in research.
Karimian said that biometric data will be used in many ways in the future to “make everyday tasks more efficient and comfortable.” Think bank account access, airport security, border identity checkpoints, patient authentication in health care settings and more.
“At the same time, sharing biometric data may introduce theft, privacy threats and illegal access to confidential information,” he explained.
“For instance, if your fingerprint or face biometric data is compromised by an adversary, it could be reused to gain unauthorized access to a system or even duplicate the biometric data to hack into victims’ devices or accounts.”
While side-channel attacks are well understood in other contexts, Karimian argues they’ve been understudied in systems that use biometric data. His research project, “Physical Side-Channel Attacks in Biometric Systems,” will develop metrics, deep-learning algorithms, protocols and tools for physical side-channel attacks and countermeasures in biometric systems.
“Receiving this prestigious award is a great honor for me,” Karimian said. “This grant allows me to launch my independent research here at SJSU and to start new research directions developing secure biometric systems that can protect citizens’ privacy.
Karimian added that he hopes the grant will allow him to support both graduate and undergraduate students from underrepresented groups.
“Dr. Karimian’s grant is right in line with the Davidson College of Engineering’s objectives to conduct research that addresses important societal needs,” noted Sheryl H. Ehrman, the Don Beall Dean of the Charles W. Davidson College of Engineering.
“In the case of this project, our college will play a part in advancing hardware security, with the potential for significant global impact based upon the increasing use of biometric data.”
Karimian emphasized that “biometric data is part of your identity, which represents the entire you and can never be changed. When a password is compromised, it can be changed, but you can’t change your identity if the same scenario happens with biometric data.”
“Hence, it is important to find the vulnerabilities of biometric technologies and protect them from being hacked and leaked.”
To learn more about Karimian’s work, visit nimakarimian.com.