The Role of Biometrics in Establishing Zero Trust Security Environments of the Future

Wed Jan 31, 2024 - 5:03am GMT+0000

Selfies, fake passports, and cyberattacks targeting databases of biometric information like fingerprints and DNA have become top commodities on the dark web. This data enables attackers to gain access to highly sensitive personal information, leading to a surge in the creation of synthetic ID fraud for more sophisticated attacks.

Gartner highlights that while biometric authentication has distinct advantages over other methods, it faces significant challenges such as the threat of AI-enabled deepfake attacks, which could potentially invalidate biometric authentication methods.

At Zenith Live 2023, Zscaler CEO Jay Chaudhry revealed an incident where his voice was replicated using deepfake technology to attempt financial fraud against the company’s operations in India. VentureBeat reports that the past year has seen numerous deepfake and biometric attack attempts on major cybersecurity firms. The prevalence of these attacks has prompted the Department of Homeland Security to publish a guide titled “Increasing Threats of Deepfake Identities.” The expectation is that 2024 will see a rise in biometric-based attacks, especially targeting corporate executives.

C-level executives are particularly vulnerable to these attacks, with a third having already fallen victim to phishing scams. Ivanti’s 2023 Security Preparedness Report notes that senior executives are four times more likely to be targeted in phishing scams compared to other employees, and whale phishing has become a significant threat to company leaders.

Ivanti’s Chief Product Officer, Srinivas Mukkamala, emphasizes the growing need for enhanced security and privacy standards to keep pace with the expectation of universal connectivity. This includes the need for infrastructures that support secure and interconnected societies.

Badge, co-founded by Tina P. Srivastava, aims to revolutionize authentication by anchoring digital identities to individuals rather than devices. After experiencing a personal data breach, Srivastava focused on using cryptography to create a user-centric security solution, making individuals their own authentication token. Badge’s patented technology eliminates the need for traditional authentication methods like passwords and hardware tokens, instead using biometric data to authenticate users across various devices.

Badge’s approach aligns with the principles of zero trust by safeguarding personal and biometric data. Their technology allows for privacy-preserving authentication across applications and devices without storing personal data. This method is seen as a significant enhancement to multi-factor authentication (MFA) systems and is gaining traction across industries like banking, healthcare, and retail.

Badge’s technology underpins zero trust by minimizing data access and storage, thereby reducing the risk of breaches. It also bolsters MFA by allowing authentication with biometrics without relying on hardware tokens. Badge’s collaboration with companies like Okta and Auth0 is a testament to its growing role in the broader identity and access management landscape.

Furthermore, Srivastava explains that Badge operates on a cryptographically zero-knowledge basis and offers quantum resistance, making it a robust component in any zero-trust architecture. Jeremy Grant, former NIST senior executive advisor, acknowledges Badge’s technology as a significant solution for both consumer and enterprise applications.