Biometrics in blockchain and cryptocurrency security

Biometrics has been adopted in a lot of spheres of human life and has come to blockchain, too. Since it is based on personal characteristics of a user and used to verify a user’s identity, it helps to improve the security and take it to another level. If the data recorded in the system matches the user input, the access is granted, otherwise it is denied. It may concern not only devices, but wallets and other crypto solutions. To validate a transaction a user needs to make a snapshot of their face, scan their fingerprint or make a voice recording. Isn’t it convenient? Human biological features are unique and vary from one person to another, so it is hardly possible to imitate.

On the other hand, blockchain technologies are a big step to secure biometric databases. Centralized databases (of banks and governmental institutions) store such data, are very attractive for hackers and may be vulnerable. In decentralized storages, data is encrypted and can be stored more securely (for example, in a distributed way).

Seeking to raise the security level and make blockchain users’ lives more comfortable, cryptocurrency platforms involve new methods of authentication which are difficult or even impossible to forge. They employ various biometric methods, such as:

• Finger and thumb print scanning. One of the most wide-spread types of biometric authentication, since finger and thumb prints are completely unique. One of the first solutions was a specific biometric token which stuck to the user’s device and could read fingerprints, which were used to authorize transactions. Then it became a part of multifactor authentication (along with a PIN), which helped to build a biometric authentication bridge from the user to the wallet (the platform Hypr used it with biometric time-based one-time password algorithm or TOTP to convert cryptocurrency in real time. The platform also allowed the creation of a complete biometric profile including palm, voice, etc.) It helps to avoid fraud and interchange fees and also proves that the owner is authorizing a transaction, not someone or something masquerading as them. The biometric data is not stored in the device but remotely and in a decentralized way. Hardware Bitcoin wallets (such as the Case crypto credit card) also use such techniques to secure the user’s data and transactions with multi-factor authentication and a number of keys (one distinguishes the owner, another, stored at the server, grants access only to the person, whose fingerprint matches the pattern, and helps to secure the assets even if the device is lost, and the third helps to recover assets in case of loss or other issue).
• Palm print scanning. It is somewhat like the finger/thumb print scanning, but involves the whole palm, which can be considered more secure, eliminating all possible errors. The camera scans the palm and the image is combined with the profiled data, stored in the database. If they match, the user gets access to the wallet or validates a transaction. Besides the optical scan, thermal and tactile methods are used to spot palm ridges, palm bifurcations, palm texture and such things as scars or other skin damages. This complex analysis eliminates the possibility of fraud.
• Facial recognition. Another common method of biometric authentication which helps to avoid complicated obscure passwords (the first was Humaniq, blockchain biometric technology). The solution is based on a photo ID pattern, stored in the system. Live video feed is compared to it and grants the access for the owner (also allows trading and transaction validation) or denies it for a stranger. Moreover, the system is so sensitive that it recognizes the slightest movements of the face. Collected biometric data is encrypted and stored in a distributed database. It can be a part of a complex authentication process, which includes other biometric data scanning (fingerprints, voice, veins scanning, etc.) which raises the security level, is more flexible and sensitive, as it can be read in motion.
• Eye scanning. There are two types of eye scanning — the iris and the retina, which can be used separately or in combination. The eye is also unique and very rarely undergoes changes, while such issues like tears do not affect the scanning. The pattern picture is made by taking shots with bright light directed at the eye. During the validation process another shot is taken and compared to the pattern. The scanning detects the tiniest blood vessels which eliminates the possibility of errors and frauds. For example, a blockchain-specific phone (BitVault) uses finger and iris scanning for user identification.
• Voice identification. This solution is built on software and sensors, which recognize the owner’s voice and distinguish it from other people’s voices using profile patterns. It prevents security risks associated with voice imitation. However, unlike fingerprints, the voice of a person may change (due to physical reasons), which may cause some issues for the owner. Thus, it is better not to use this method alone but along with other types of authentication (such as prints and passwords).
• Lip password. A very peculiar method which combines biometrics and password, the so-called ‘lip motion password’. The system checks and combines not only what is said, but also how it is said (lip movement, texture and behavioral characteristics of the speaker). Speaking behavior is unique, and it is impossible to imitate the slightest characteristics and features even knowing the password and after a long training. The video recording is also useless for the attacker as it lacks ‘live’ specifications. However, the technology is complicated and expensive.

Biometrics in blockchain and cryptocurrency security is still a kind of terra incognita in addition to the fact that it is rather expensive. However, the involvement of such technologies in the crypto world is expanding. Some of the technologies are already in use, the others (such as heat-rate scanning) are not but supposedly are about to come. These methods will take security to a very high level and, on the other hand, may make the complex authentication procedures simpler and friendlier for users.

Launched in 2019 and based in Dubai, SmartState is one of the leading DeFi security auditing firms. We conduct security tests and check the code core, smart contracts and blockchain for all types of errors, vulnerabilities and other issues.

Although SmartState gave a start to operations with smart contract auditing of DLT-projects, from the very beginning, we made our services surpass the classic purview of smart contract audit and security testing. We specialize in manual testing, so the SmartState’s tech team of white-hat security professionals measure up a project’s git and offer guidelines and recommendations for its further advancement. Security audit reports review the threats and vulnerabilities with which codebases may be exploited in the future, as the network achieves scalability and expands to accommodate more use cases and functionality.

Stay tuned and find more about us and what we provide on our:

New to trading? Try crypto trading bots or copy trading on best crypto exchanges

Join Coinmonks Telegram Channel and Youtube Channel get daily Crypto News