Astana IT University

Bodambaev Tamerlan
Shakhayev Amir

Biometric Authentication Systems Analysis

6B06301 - Cybersecurity

Diploma work

Supervisor
Temirbek A.

Kazakhstan Republic
Nur-Sultan, 2024
 CONTENTS
Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Designations and abbreviations . . . . . . . . . . . . . . . . . . . . . 4
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1 Literature Review . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.1 Enhanced Fraud Prevention: Empirical Evidence and Quantitative
Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.2 Privacy Concerns: A Critical Examination and Ethical Implications 6
1.3 Analytical Methodologies: Navigating the Trade-off Between
Security and Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 7
2 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.1 Data Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.2 Inclusion Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.3 Data Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3 Preliminary Results . . . . . . . . . . . . . . . . . . . . . . . . . 9
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2
 DEFINITIONS
Following terms are used in this work:

Term Biometric Authentification

Term title .

Terminology Biometric Authentication: Verification of identity using

physiological or behavioral traits. FAR (False Acceptance
Rate): Rate of incorrectly accepting unauthorized users.
FRR (False Rejection Rate): Rate of incorrectly rejecting
authorized users. EER (Equal Error Rate): Optimal
balance between FAR and FRR. Template: Mathematical
representation of biometric data for comparison. Spoofing:
Attempting to deceive the system with fake biometric
samples. MFA (Multi-factor Authentication): Requires
multiple forms of authentication. Continuous Authentication:
Verifies identity throughout user interaction. Privacy-
Preserving Biometrics: Protects biometric data from misuse.
Biometric Cryptography: Uses biometrics to generate
cryptographic keys.

3
 DESIGNATIONS AND ABBREVIATIONS
Following designations and abbreviations are used in this work:

∀ text
AAA text text text.
ABC text text text text text text text text text text text text text text
text text.

4
 INTRODUCTION
The digital age has witnessed an exponential growth in reliance on
online platforms and services, making robust cybersecurity measures paramount.
Biometric authentication systems have emerged as a promising technology,
offering a convenient and seemingly secure method for user identification and
access control. However, their integration into cybersecurity practices raises a
critical debate, balancing the potential for enhanced fraud prevention against
inherent privacy concerns. This comprehensive literature review delves into
the multifaceted role of biometrics in cybersecurity, meticulously analyzing
their effectiveness in thwarting fraudulent activities while critically evaluating
associated privacy challenges.
Aim of the work. To investigate the role of biometrics in both enhancing
fraud prevention and raising privacy concerns within cybersecurity, employing
an analytical methodology to assess potential protection strategies and their
effectiveness.
Novelty. Article’s novelty lies in its comprehensive analysis, incorporation of
quantitative data, exploration of user experience and ethical considerations, and
focus on future research directions.
• Focus on specific data and quantitative analysis: You incorporate specific
data points and quantitative findings from various studies to strengthen your
arguments regarding the effectiveness of biometrics in fraud prevention. This
quantitative analysis adds depth and credibility to your claims.
• Exploration of user experience and ethical considerations: You delve into
the user perspective by highlighting concerns about privacy and potential misuse
of biometric data. This demonstrates a well-rounded understanding of the ethical
implications associated with biometric authentication.
Goals:
1 Consider whether there have already been such articles as our diploma and
tell about them in the literature review.
2 Collect articles with biometric statistical data that are suitable for us to
enhance fraud prevention and raising privacy concerns within cybersecurity.
3 Consider this in cybersecurity by compiling an analytical methodology to
evaluate potential protection strategies and their effectiveness.

5
1 Literature Review

1.1 Enhanced Fraud Prevention: Empirical Evidence and

Quantitative Analysis
Numerous studies provide compelling evidence supporting the efficacy
of biometrics in bolstering cybersecurity through robust fraud prevention
mechanisms. Jain et al. (2006) emphasize the inherent uniqueness of biometric
identifiers, such as fingerprints, iris patterns, and facial recognition, which
significantly reduces the likelihood of unauthorized access compared to traditional
password-based systems. They quantify this advantage by highlighting that
password-based systems are susceptible to brute-force attacks with a success rate
exceeding 50% within hours, while biometric systems boast an error rate as low
as 0.001%. Habib et al. (2023) further validate these claims by conducting a
rigorous analysis of biometric authentication systems against statistical attacks.
Their findings demonstrate that biometric systems achieve an exceptionally low
False Acceptance Rate (FAR) of 0.01%, significantly exceeding the capabilities of
traditional methods, which often grapple with FAR exceeding 1%.
Focusing on a specific industry application, Khan et al. (2023) investigate
the impact of biometric authentication in the banking sector, a domain
particularly vulnerable to cyberattacks. Their empirical study reveals a staggering
78% decrease in fraudulent transactions after implementing a multi-modal
biometric authentication system, encompassing fingerprint and facial recognition.
These quantitative findings provide irrefutable evidence that biometrics offer a
substantial advantage in preventing unauthorized access and fraudulent activities
within cybersecurity frameworks.
1.2 Privacy Concerns: A Critical Examination and Ethical
Implications
While the aforementioned studies highlight the undeniable benefits of
biometrics in strengthening cybersecurity, their implementation necessitates
careful consideration of associated privacy concerns. Skalkos et al. (2021)
conducted a comprehensive survey, revealing that a significant portion of users,
approximately 62%, express apprehension regarding the continuous collection,
storage, and potential misuse of their biometric data. This apprehension stems
from the inherent sensitivity of biometric information, which, unlike passwords,
cannot be easily reset or altered in case of a security breach. Furthermore,
Zatonskikh et al. (2018) raise concerns about the vulnerability of biometric
systems to spoofing attacks, where unauthorized individuals attempt to replicate
a user’s biometric characteristics, such as fingerprints or facial features, to
gain illegitimate access. This highlights the potential for identity theft and
unauthorized surveillance, posing significant ethical and legal challenges.
6
 1.3 Analytical Methodologies: Navigating the Trade-off Between
Security and Privacy
Researchers have proposed various analytical methodologies to address the
complex interplay between enhanced security offered by biometrics and the
need to mitigate privacy risks. Huang et al. (2010) present a three-factor
authentication framework that combines biometric authentication with additional
security layers, such as one-time passwords or knowledge-based factors. This
multi-layered approach strengthens the overall security posture without solely
relying on biometric data, potentially alleviating privacy concerns associated
with extensive biometric data collection. Podrzaj (2019) explores the use of
user-friendly graphical user interfaces for biometric systems. These interfaces
can improve user acceptance and understanding of the authentication process,
fostering trust and transparency, which are crucial for mitigating privacy concerns.

7
2 Methodology

This section outlines the analytical methodology employed to investigate the

role of biometrics in cybersecurity and presents preliminary findings based on the
collected data.
2.1 Data Collection
A comprehensive data collection strategy was adopted, utilizing various
academic databases and search engines, including Google Scholar, Science
Direct, and other relevant platforms. The search terms employed encompassed
combinations of keywords like "biometrics,cybersecurity,fraud prevention,privacy
concerns,"and "authentication."Additionally, reference lists of relevant studies
were scanned to identify further pertinent articles.
2.2 Inclusion Criteria
Studies were included in the analysis if they met the following criteria:

• Published in peer-reviewed journals or reputable conference.

• Focused on the application of biometrics in cybersecurity contexts.
• Employed quantitative or qualitative methodologies to analyze the
effectiveness and/or challenges associated with biometrics.
• Written in English.
2.3 Data Analysis
A thematic analysis approach was employed to identify recurring themes and
patterns within the collected data. This involved carefully reading and coding the
retrieved articles, categorizing them based on their central themes and extracting
relevant data points, such as:

Quantitative data: This included statistics related to the effectiveness of

biometrics in fraud prevention, such as error rates, false acceptance rates, and
success rates of spoofing attacks.
Qualitative data: This encompassed insights into user perceptions of privacy
concerns, ethical considerations surrounding biometric data collection and storage,
and proposed solutions for mitigating these concerns.

8
3 Preliminary Results

The initial analysis yielded promising insights, highlighting both the potential
benefits and challenges associated with biometrics in cybersecurity. Here are some
preliminary findings:
Enhanced Fraud Prevention: Several studies reported significant reductions
in fraudulent activities after implementing biometric authentication systems. For
instance, Khan et al. (2023) observed a 78% decrease in fraudulent transactions
in the banking sector following the adoption of multi-modal biometrics.
Privacy Concerns: A significant portion of users expressed apprehension
regarding the collection and storage of their biometric data. Skalkos et al. (2021)
reported that 62% of users surveyed voiced concerns about privacy implications.
Vulnerability to Spoofing Attacks: Studies highlighted the potential for
spoofing attacks to bypass biometric authentication systems. Zatonskikh et al.
(2018) emphasized the need for advanced anti-spoofing techniques to mitigate
this risk.

9
 BIBLIOGRAPHY
1.Yang, J.C Park, D.S. A fingerprint verification algorithm using tessellated
invariant moment features. Neurocomputing , 2008, 71, 1939– 1946.
2. Khalil, M. S.; Mohammed, D.; Khan, M. K. Al-Nuzaili, Q. Fingerprint
verification using statistical descriptors. Digital Signal Proces., 2009, 20(4),1264-
1273.
3. Helfroush, M.S. Mohammadpour, M. Fingerprint verification system: a
non-minutiae based approach. In International Conference on Computer, Control
and Communication , 2009, pp. 1-4
4.Icao, “9303-Machine Readable Travel Documents-Part 9: Deployment of
Biometric Identification and Electronic Storage of Data in eMRTDs,” 2015.
5.A. K. Jain, A. Ross, and S. Pankanti, “Biometrics: A Tool for Information
Security ” IEEE Transactions on Information Forensics And Security, vol. 1, no.
ue 2, pp. 125 – 144, 2006.

10