The Impact of Biometric Authentication on User Privacy and the Role of Blockchain in Preserving Secure Data
Blockchain technology is a novel solution to privacy concerns and risks associated with the storage and maintenance of biometric data.
Join the DZone community and get the full member experience.
Join For FreeBlockchain technology is a novel solution to privacy concerns and risks associated with the storage and maintenance of biometric data. Blockchain is a form of distributed ledger technology that shares infrastructure across several cybersecurity applications. It underlies cryptocurrencies such as Bitcoin and has a potential role to play in identity verification, supply chain integrity, and assured data provenance. In essence, it allows digital information to be distributed but not copied. Data is organized into blocks and then chained together, meaning that it is secure by design and persistence. The key differences between blockchain to traditional data storage methods are that the data is decentralized and it is tamper-evident — or, in some applications, effectively tamper-proof. Also, because each block contains a timestamp and a reference to the previous block, the information is stored in a linear fashion which aids in accessing and maintaining the data. These features make blockchain an attractive proposition for any system that manages and stores sensitive information.
User privacy is a major issue in the developing field of biometric authentication. Before the arrival of biometrics, privacy in the digital domain was focused on the area of preventing the unauthorized collection of personal data and its misuse. However, in the context of biometric authentication, the collection of a biometric sample, such as a fingerprint, is only the start of the process. Once that data is captured, it is turned into a template, a mathematical representation of the sample, and it is this data that is actually used by the system. It is therefore necessary only to gain access to the template data in order for an individual's biometric data to be compromised. Also, biometric data, once stolen or otherwise obtained, cannot be replaced and individuals are forced to live with the increased risk of identity theft for the remainder of their lives. For these and many other legal, social, and ethical reasons, preventing unauthorized access to personal biometric data has become a major focus for research and development in the field.
Biometric authentication is a modern approach to security. It uses unique biological characteristics such as fingerprints, iris patterns, and voice recognition to establish and confirm the identity of an individual. Biometric technology has been around for many years and has developed rapidly, particularly in areas such as law enforcement, but until relatively recently its use was limited to high-security, financial, or criminal justice applications. However, the commercial availability of devices such as smartphones and tablets that allow biometric authentication is starting to make the technology accessible to anyone. With the development of smartwatches and other wearable devices that can monitor pulse and other activities, it is clear that the use of biometrics is going to continue to increase.
1.1 Overview of Biometric Authentication
Biometric authentication uses a person's physiological characteristics to verify their identity. This type of authentication usually involves the use of a biometric scanner, which is a device that reads and translates biometric data into digital information. Different types of biometric data, such as facial images, voice prints, and fingerprints can be used. Once the data is translated into digital information, it is stored and used to verify a person's identity. For example, when a person uses their fingerprint to unlock a smartphone, the fingerprint data stored on the phone is compared with the fingerprint that is being presented. Only if the presented fingerprint matches the stored fingerprint will the phone be unlocked. The use of biometric data for authentication has become increasingly popular, with many organizations and companies now offering biometric authentication services, such as the use of fingerprint and facial recognition for smart devices like mobile phones. However, concerns have been raised about the impact of biometric authentication on user privacy.
1.2 Importance of User Privacy in Biometric Authentication
As such, the essay will move on to discuss current prevailing sentiments in the cybersecurity industry when it comes to managing and securing biometric data before moving on to explore blockchain as a means of securing such data.
This illustrates the gravity of the situation perfectly: if biometric data, and the privacy thereof, is not taken seriously by those who use it, the potential impact that could be felt by consumers at large and the victim of abuse is immeasurable. For this reason, the potential for blockchain as a solution is particularly exciting. Such a ground-up reimagining of the processing and storing of biometric template data and biometric methods may well end up sidestepping the issues faced in our current, more traditional methods of cybersecurity by utilizing the very advantage that these cybersecurity staples provide: decentralization and an open, publicly accessible but entirely secure data set.
However, regulations do not prevent commercial and state interests from interfering with a user's privacy, and this is something that is becoming an ever-growing concern in our increasingly surveilled society. With machine learning and predictive analytics unearthing more advanced methods of profiling, our biometric data can now be used to ascertain more than just our individual identity. It is not just a matter of protecting against identity theft or fraud; someone could theoretically take a stored biometric template of data and extrapolate enough knowledge to commit detailed, real-world social intrusion by building a multifaceted profile of a person's life and interactions through the linking of constructor biographical data.
As such, much of the technology involved in the creation, analysis, and implementation of biometric methods does act under a number of operational requirements and data protection principles, such as those outlined in the United Kingdom Data Protection Act 2018 (GDPR). The GDPR requires users to be told what data is being collected and used for, and personally identifiable data and biometric data fall under the definition of special category data, which is subject to stricter processing conditions. This extends to biometric data in Article 9 of the GDPR, which outlines restrictions on the uses of such data.
Modern technology has enabled massive strides forward in the field of biometric authentication. However, the crucial nature of privacy in the context of using the human body as a means of identity authentication cannot be overlooked. As biometric data refers to personally identifiable data - this means data that could be used to identify an individual — collected as a result of biometric methods, securing this data is not just recommended, but critical to the protection of consumers.
1.3 Introduction to Blockchain Technology
As a result, blockchain has been heralded as a potential solution to data tampering and cyber attacks. This is particularly important in the context of biometric data, where any breach of data could have serious implications for a person's identity and privacy. It is also interesting to note that the use of blockchain would enable all activity on biometric data to be recorded in a single ledger, with time stamps and unique cryptographic signatures. This could provide a means of better regulating and monitoring the activity of companies that collect and store biometric data. However, there are increasing concerns about the high energy demands of blockchain as the size of data and number of users increase. This is something to be mindful of when considering the potential of blockchain in fostering a sustainable cybersecurity landscape.
When a person first registers to use a biometric authentication system, their biometric data is scanned and a digital record of this information is created. This digital record is then encrypted and stored in a 'block' of information on the chain using a private key. When a person uses a biometric system, their data is compared with the encrypted data stored on the chain using a public key. If the comparison is successful, access is granted. This 'block' of data is then time-stamped and added to the previous one within the chain to form a continuous 'link' of data. It is this feature of blockchain — the fact that each block contains a unique code generated from the content of the previous block — that makes it such a secure way of storing data. Because it is not possible to alter the information in any given block without altering the entire chain, attempts to hack a blockchain face an enormous challenge. The computational power required to do this would be vast.
Blockchain technology was originally developed as a way to store and record Bitcoin transactions, but it has now evolved into a technology that can be used in a range of different applications. Within the context of cyber security and data storage, blockchain has gathered a lot of attention. It is seen as a potential solution to a range of different challenges that cyber security experts face. For example, it has been suggested that blockchain technology could be used to replace the traditional username-password authentication method. Blockchain technology might help us move towards passwordless authentication solutions, using a person's biometric data such as fingerprint or facial recognition.
2. Effect of Biometric Authentication on User Privacy
Biometric data are any measurements relating to physical human characteristics such as fingerprints, retina, iris, voice, face, hand, ear, etc., and behavioral human characteristics such as gait, signature, keystroke, etc. that are used to identify a person. Biometric data are special categories of information. These data are considered "sensitive personal data or information" under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits, and Services) Act, 2016 only allows biometric information to be used for Aadhaar enrolment and authentication purposes. This is because the law recognizes that, should someone else use a person's biometric data, it may be difficult for them to prove this—and the risks to their privacy and identity are high. We can understand this easily by considering the following example: if someone hacks into a password or personal identification number-protected account, the person affected may change the password or PIN. However, a stolen biometric measurement is permanently compromised. It is not like a password that can be changed; if a fingerprint is stolen, there is no way to ensure that it will not be used for malicious purposes. Also, once biometric data has been compromised, it cannot be confidentially used as a method of verifying a person's identity. This is not the case for other methods such as passwords, which can be changed and reissued. When biometric authentication is compromised, the affected individual's personal information is at a greater risk than in the case of a password or PIN. Biometric data, even if compromised, cannot be changed. It can be used for various kinds of scams such as to embarrass individuals, to pursue illegal activities, and for a host of new, more damaging attacks. This means that persons affected by biometric data theft face a range of potential harms—from being framed for a crime to the leaking of sensitive personal data. Also, every biometric recognition system has a recognition error rate. This is a measure of how likely a given system is to incorrectly recognize the input. For example, one system used for fingerprint recognition is shown to have a 2% error rate. This means that for every 100 attempts to use a fingerprint to gain access, the system is predicted to incorrectly deny entry to 2. When it is multiplied by the high number of users or transactions for which biometric authentication may be used, the number of errors could be significant in real-world use. Therefore, the exclusivity of biometric data could potentially have far-reaching effects when such an error occurs, particularly where access to goods and services is dependent on such authentication. This may result in inaccessibility to vital services such as medical care or social security if such services employ biometric authentication. The implications of the exclusivity of biometric information and the error rate suffered by even the most accurate systems are very important to take into account in the privacy assessment of biometric data protection.
2.1 Collection and Storage of Biometric Data
One of the largest concerns regarding the use of biometric data is the method by which data are collected and stored. When a biometric is initially stored by a system, a distinguished numerical representation is created by an algorithm. The original biometric itself is generally discarded, meaning that solely the representation is held in the database. However, many believe that the practice of discarding the original biometric does not promise that the data cannot be reconstructed and the tidy representation simply diminishes the data's utility rather than its privacy. This is because if the template is stolen, it can be used to reconstruct an image of the original biometric. While the biometrics industry argues that the reconstructed image is not accurate enough to be of any concern, research has shown that this is not necessarily the case — in fact, the storage of the template and its corresponding constructability has been used to successfully critique public-hand biometric systems in case law. In addition, the industry standard for biometric storage is the ISO/IEC 24745 which, under article 4.21 notes that temporary images of the biometric may be held in the database or during the data import process. This has led to worries that hackers may be able to target and gain access to both a live feed and a local database of these images — a concern that is supported by repeated instances of data breaches in which hackers have gained access to millions of temporary images. Some suggest adopting a system much like that found in certain legal systems which prevents the centralization of biometric data. For example, the American biometric privacy legislation which was passed in 2008 carries the novel feature that, unlike traditional privacy laws which protect the individual from incursion on that privacy, the biometric law has been said to protect individual privacy from biometric data aggregation by corporations and businesses works. One interpretation of this approach found in the literature on the subject is that it prohibits the sale or lease of an individual's biometric information and limits the circumstances under which a biometric identifier can be disclosed. This could be an effective way of storing biometric information, as one hacker's access to a company's database would not compromise all the users on that system. However, critics argue that this would not eliminate other privacy concerns and may hinder potential commercial applications of biometrics.
2.2 Risks and Vulnerabilities Associated With Biometric Data
It is important to remember that biometric data are personal data and that having one's biometric features or information stored can potentially expose an individual to several risks. Biometric data can be misused to track a person's movements, actions, and so forth without the concerned individual's knowledge or consent. It can be used for potential mass surveillance of the public and it can be used for profiling, which is a key theme as captured under the European Union General Data Protection Regulation. However, under the GDPR, biometric data are defined as sensitive data in that biometric data, when processed to uniquely identify an individual, are considered personal data. Article 9 and Recital 51 of the GDPR stipulate that the processing of such data is prohibited save for specific purposes, such as where the data subject has given explicit consent to the processing for one or more specified reasons. Despite what appears to be a strong legal framework to protect biometric data, initiatives have been developed to undermine the privacy and other civil liberties concerns associated with the collection and use of biometric data. For example, in the United States, the Federal Bureau of Investigation has developed the Next Generation Identification system, which is a biometric database system that stores digital fingerprint records, facial recognition photographs, and other biometric data in its central biometric database - the Interstate Photo System. It is not without reason that this system has been described as a '21st-century big brother'. In other parts of the world, biometric technology has been implemented to the detriment of the right to privacy. For instance, in China, a mass surveillance project, known as the 'Sharp Eyes Project', has been launched to merge data from government and private security cameras and to integrate facial recognition technology to track individuals in public spaces. The government's plan for the project is to achieve perfect surveillance and to leave no blind spots across mainland China by the year 2020. The project's title is particularly apt given that it is named after a quote attributed to the former Chinese Chairman Mao Zedong, that 'the people have sharp eyes'. Such use of biometric technology and the potential consequences demonstrate why discussions regarding the need to protect biometric data privacy. The introduction of new and more sophisticated biometric technologies, such as facial recognition or DNA analysis, has resulted in biometric data becoming more accessible and easier to gather and analyze. It is worth noting that facial recognition refers to a way of recognizing a person's face using technology. This may involve taking someone's photo — the most typical way to use facial recognition on a mobile device is to take a picture of the person's face — and using the data from that picture to assist in identifying the person.
2.3 Privacy Concerns and Potential Misuse of Biometric Data
Although the Employment and Data Protection specialists at Langleys Solicitors see no immediate prospect of a ban, as case law around data protection continues to evolve and change in response to technological advances there's certainly scope for challenges to be brought against this sort of data processing in the future. By this, they mean that the Judiciary and indeed Parliament have shown themselves willing to adapt to new technologies and the threats they can pose to privacy. This, combined with the recent introduction of large financial penalties, such as those under the General Data Protection Regulation (GDPR), means that changes and further restrictions could be introduced in the coming years to protect individuals from the potential misuse of biometric data. However, it should be noted that there still remains a relatively low level of awareness of biometric data.
For example, in the employment context, some employers have started to use biometrics for the tracking of workers. Last year, a major railway company in the UK announced that it would begin using biometric hand scanners for the management of staff attendance. Concerns have been raised that this kind of technology could enable employers to engage in surveillance that undermines workers' right to privacy. The British Medical Association has already called for an outright ban on the use of biometric data by employers, expressing fears that the sensitive information could be used to keep tabs on health and lifestyle habits, therefore having a detrimental effect on recruitment and workplace discrimination laws.
While new laws and methods for biometric data protection continue to develop in both the UK and Europe, for the time being, campaigners are taking action through the courts. Last year privacy group "Big Brother Watch" was given permission by the High Court to legally challenge the use of biometrics by South Wales Police. However, it's not only governmental misuse of biometric data that has the potential to cause concerns. Entities outside the public sector, such as private companies, could use biometric data in ways that could be potentially harmful to individuals.
For example, biometric data could be used by states to keep track of individuals and stifle political dissent. In the US, the FBI has been developing a biometric database, which will help it to identify criminals and terrorists but which also has the potential to be used to monitor ordinary citizens. In the UK, campaigners have warned that the use of biometric data at borders could lead to a major expansion of surveillance. This is thought to be the case because the technology will give the government the ability to monitor and record each and every individual as they enter and leave the country, in a way that is not possible through the use of passports and other non-biometric identity documents.
There are a number of privacy concerns surrounding the use of biometric data. In today's electronic world, personal data is all too often exposed to potential unwanted access. It's not like a password or security card can be replaced; biological markers, once compromised, can never again be perfectly relied upon for identity verification. The potential threats to privacy from the misuse of biometric data are wide-ranging and could lead to significant harm.
3. Blockchain as a Solution for Privacy-Preserving Secure Data Store
Today, data processing systems for biometric data are internally connected, and access by outside requests is controlled either by keys of differing access rights or by the data system verifying the authenticity of the requester. But still, there are security weaknesses and complex scenarios in the process. Simple tasks put security challenges, like biometric template protection and token management. The versatility and time-dependent nature of biometric data present unique challenges to the protection of individual data privacy and data security. As the mere fact of the continuous growth rates in data breaches and ransomware is setting up an alarming tune, the requirement of setting up a much stronger and more secure technology surface is on top of the expectations. In recent times, cryptographic technology and blockchain-based techniques have become quite popular based on their enhanced security, data privacy, and also operational transparency. Blockchain technology basically refers to a decentralized setup of data holding and retention or simply a distributed ledger. This ledger contains digitally recorded data and stores the information from each transaction in a chain. Once recorded, the data in any given block cannot be altered without the alteration of all subsequent blocks and a consensus of the network. Blockchains are used in all kinds of transactions and other digital ledger applications that require security, accountability, and durability. Blockchain technology fascinates people for very genuine reasons. First, the data is not on a single server, and it's public. If your data is in thousands of places, the bad actor would need to compromise all of those places at once. And every time a data point is updated or entered or otherwise modified, that change goes out to every copy. This means if you have a good copy of the data and I were to try to infect and corrupt one piece of the data, your copy would be recognized by the network and automatically heal it. Second, blockchain technology is fast and it works instantly throughout its operations. Lastly, blockchains are historic and immutable. As for the well-accepted definition, trust is the key to good enough security. And maintaining immutability is a great feature when considering data security. The properties are very useful and necessary for the kinds of record-keeping that are encountered in financial and governmental operations. Blockchains are well tamper-proof. Every transaction is time-stamped and verified by each node in the chain. Most importantly, as data in a block is described by a mathematical function of itself and all data up to the previous block, changing any data would alter the function and thus break the chain. So the existence of this clear linkage between a block of data and the data that preceded it will ensure the integrity and security of such a storage system. For biometric security and privacy, many experts have explored that blockchain technology can provide very high-security levels for the biometric data that is provisioned and processed. By using secure cryptographic techniques and blockchain-based methods, such as biometric encryption, biometric template protection, and biometric token management, many security vulnerabilities and risks in contemporary biometric systems can be easily eliminated, and data protection is prolonged against the technological infrastructure which is getting ever wise. With modern cryptographic techniques and blockchain-based methods like such, a complete and robust overhauling can be done as the technology can support the design, development, and commissioning of biometric systems in a much more secure state, and it can also underpin large-scale data provisioning and data management for the longer term. Wowessays. (2022). The Impact of Biometric Authentication on User Privacy and the Role of Blockchain in Preserving Secure Data. Retrieved January 6, 2022, from [Link]
3.1 How Blockchain Technology Works
Blockchain is a decentralized, distributed ledger system in which data is stored in blocks. Each block contains a list of transactions, and every transaction must be recorded on a block. All blocks are linked using digital cryptography hence the name blockchain. A blockchain network consists of multiple nodes, each of which has a copy of the whole blockchain. When a new block is added to the blockchain, every node updates its blockchain to reflect the change. This makes it practically impossible to tamper with the contents of any block, as such a change would require the consensus of every node in the network. In addition, the use of digital signatures in the validation process ensures the security of the data because all transactions are signed by the correct parties to guarantee their authenticity. The digital signatures also serve to prevent the data contained in the blocks from being altered by malicious third parties, providing a further layer of security. Another feature of blockchain technology is its support of smart contracts, which are self-executing contracts in which the terms of the contract are directly written into lines of code. Smart contracts automatically enforce and carry out the terms of their contract given that certain conditions are met. When combined with blockchain technology, these contracts can be especially useful because once a smart contract is added to a block, it becomes immutable, meaning the contract code cannot be changed and the contract cannot be stopped or tampered with. This allows for trustless collaboration between two different parties, where one party can have a guarantee that the other party will not back out of the contract. Lastly, blockchain networks can be either public or private. In a public blockchain, every person is allowed to participate in the validation process and in recording transactions, while private blockchains operate within the limits of an organization and have controls over who has the write and read access to the blockchain. Understanding how each of these three different key aspects of blockchain technology contributes to the overall security and integrity of the data, helps to highlight the importance of blockchain as a method of preserving privacy in biometric authentication.
3.2 Advantages of Using Blockchain for Data Storage
Unlike in traditional storage systems, where databases are prone to server failures and cyber-attacks, blockchains are usually designed to be secure and fault-tolerant. In a blockchain system, data — both the content of the blocks and the chronological order in which they are linked — are verified by the nodes and then enforced cryptographically. Once a block has been added to the end of the blockchain, it is very difficult to go back and alter the contents of the block unless the majority of the network nodes reach a consensus to do so. As mentioned earlier, a central authority is not in charge of the blockchain. So, users do not need to place any trust in the data. They can directly verify the data for themselves. Every user in the network can have their own 'copy' of the blockchain, and any new block proposed by a user will be broadcast to each user in the network. There will be a verification process carried out using certain consensus algorithms to decide whether this block is valid to be added to their own blockchain or not. This distributed nature of the blockchain provides high fault tolerance: if one node goes down, the system is still able to continue operation, perhaps with a small decrease in performance due to the loss of one or a few nodes. Furthermore, a blockchain platform can be designed with a high level of auditability because every action carried out can be recorded as a transaction. Every node in the network will have a complete history of all the transaction records from the first block up to the most recent one. This feature would be especially beneficial for the healthcare systems, as different medical personnel will need to access the electronic health records of the patients. Every access and change in the records will be recorded in the blockchain and all the authorized personnel will have a complete, transparent view of the patient's medical history. This would effectively prevent cases like data being altered or deleted without consent.
3.3 Role of Blockchain in Preserving Privacy in Biometric Authentication
However, if instead of storing the biometric data in the traditional way, they are simply held in a blockchain, this attack can be completely mitigated. Biometric authentication will still work — when you need to be checked, someone will still scan your fingerprint, for example. However, the system will not scan the prints and check them out of some central database.
However, given the extended nature of modern IT systems, it is possible that many different organizations may wish to carry out such checks — and therefore they may all need access to a user's biometric data. Even if the databases are not connected to each other in any way, this could potentially represent a very wide vulnerability attack surface. If any one of those sites were to be attacked and the biometric data stolen, it could be used to impersonate that user on any of the other sites.
When users register their biometric data with a system (such as a fingerprint or facial scan image) these data are stored in a database somewhere. When a user needs to be authenticated (in other words, their identity needs to be checked), the biometric data they provide will be checked against the data in that database.
Biometric data are a particular concern in data privacy. Unlike passwords, for example, if someone's biometric data is stolen, it is not possible to change it. This makes biometric data very valuable to attackers - once it is stolen, it is stolen forever.
The use of blockchain technology in ensuring biometric data is kept private and secure is an area of wide interest in current research. Blockchain technology was originally developed as a means of providing secure record-keeping for cryptocurrency transactions. However, it has since been found that the properties of blockchain that make it so useful for this purpose can be harnessed to provide privacy in biometric data.
4. Conclusion
The promising technologies of biometric authentication and blockchain provide unprecedented opportunities for enhancing the security and privacy of user data. On the one hand, biometric authentication offers a convenient and secure alternative to traditional password-based authentication methods. However, the collection and processing of biometric data raise significant privacy and data protection concerns. More importantly, the risks and vulnerabilities in the storage and usage of biometric data can have serious consequences on users' privacy and individual liberty if these issues are not properly addressed. On the other hand, blockchain technology, with its property of providing decentralization, transparency, and immutability, can be used to address the security and privacy issues in various kinds of digital data, including biometric data in authentication systems. By storing the hash key of the biometric data in the blockchain ledgers instead of the biometric data itself, it allows a more secure and privacy-preserving method of data storage. Also, the consensus algorithms and the distributed nature of blockchain can help to prevent unauthorized data modifications and potential cyber-attacks in tampering the biometric data. Throughout the entire article, I have demonstrated how user privacy is impacted in the age of biometric authentication and how blockchain can truly preserve data security and data privacy in biometric systems. Also, I have shown the very first real-world example — the Estonia E-residency program — that utilizes the marriage of biometric data in government-issued digital ID and blockchain technology, which successfully unleashes the full potential of a remote digital society. By comparing to the traditional, centralized data storage and the emerging blockchain-based data storage, I have also illustrated the concrete advantages of using blockchain to protect biometric data privacy. Last but not least, the discussions in the article have highlighted the future considerations and challenges in studying blockchain for privacy preservation. With a conclusive remark, I believe that this work can shed light on future research and the development of new standards and regulations to ensure data privacy and data security in biometric authentication. Thank you.
4.1 Summary of the Impact of Biometric Authentication on User Privacy
The majority of the users do not understand the gravity of the matter or know how to read a privacy policy, so they will not be manipulated by the service providers. Also, when a security incident happens, the victims usually cannot acquire information concerning the incident at once because in some cases, the affected company is under investigation and it is a crime to disclose exclusive company information. However, with respect to protecting user privacy, most states in the US grant the affected company a short period of grace to adopt remedial action prior to the disclosure of the security breach to the public. Such privacy laws help to diminish the disadvantages of using biometric authentication to a certain extent. Also, as discussed in class, the legal system can aid in protecting the rights of the users. For instance, the Telecommunications Act of 1996 in the US makes wiretapping illegal. If the biometric data is intercepted while transmitting, the tracking activities — even partially successful — would constitute a crime.
4.2 Potential Benefits of Utilizing Blockchain for Secure Data Storage
An example of where blockchain has been used effectively is in "digital identity". This is a means by which we can prove our identity in the online world, just as our passport or driving license does in real life. Users have the opportunity to store their personal information on their own devices and only provide those details that are absolutely necessary and for a specific purpose, such as age verification or address. Every time a new record is added to the blockchain about when and where that information has been requested, it is linked to a previous record and digitally signed. This means that users have a clear understanding of who has accessed their information and for what purpose, providing them with greater control and transparency.
On top of this, many blockchains implement a system where any changes to a block within the chain should be agreed upon by all parties in the network. For example, Hyperledger Fabric, a private blockchain platform, uses a majority-rules concept that demands that 50% of the given members of the network agree and endorse a proposed transaction before it gets approved and executed. This so-called consensus in the ordering and confirmation of the transactions provides a further level of security that until now has not existed in standard database technologies. Hyperledger Fabric goes a step further by allowing different aspects of blockchain security to be configured. For instance, the creator of the network can set how many organizations' hardware must be compromised before the security of the network is threatened, as well as determine how many concurrent valid messages received from other members of the network are enough to confirm a transaction.
With data written into blocks and each block linked to the previous one using a cryptographic signature, it is evident that data stored on a blockchain is more secure and less susceptible to tampering. Moreover, the decentralized nature of blockchain means there are multiple copies of the database in which the data is held. These are replicated across a number of nodes. This means that in order to compromise the system and change the data in one block, a hacker would need to manipulate the data in all the preceding blocks across a majority of the instances of the database and do so in a short amount of time before new blocks are continuously added to the chain and previous blocks are locked, making it virtually impossible.
The distributed and decentralized nature of blockchain technology ensures that there is no single point of control or failure. Once data is written onto a blockchain, it is extremely difficult to modify or delete it. This makes blockchain an excellent candidate for secure data storage. As discussed in the previous section, the nature of biometric systems requires the storage of biometric data. Public acceptance of these systems, however, is hindered due to the privacy issues raised through the storage of such sensitive data. Blockchain has the potential to overcome this problem, revolutionizing biometric security systems by providing enhanced privacy for users. This is particularly attractive for users because maintaining data privacy and security is always a crucial aspect when developing any IT system.
4.3 Future Considerations and Challenges in Implementing Blockchain for Privacy Preservation
One such potential challenge in the implementation of blockchain for privacy preservation is the question of whether decentralized consent is practical. Users must be able to have control over what happens to their biometric data so that if any user no longer wants their data to be stored, they can revoke the permission and the data will be anonymous. However, the decentralized nature of blockchain and distributed ledger technology means that currently, any proposed new system would have to undergo extensive redevelopment in order to include a consent administrator to oversee this process. This is not necessarily a drawback, and in the future, it could be envisioned that a system could be developed where, for example, a smart contract could execute data deregistration in response to a user withdrawing their consent. Nevertheless, a shift to a new form of privacy protection will require an adjustment period where these practical and technical barriers will have to be reviewed and a potential new system of data management will have to be developed. These barriers may be discouraging for those who are considering the transition from traditional, centralized data storage to new, more secure decentralized systems. It creates a very high barrier to change for those companies and organizations that will have to re-evaluate and adjust their procedures in line with these new systems. The motivation to overcome these challenges has to be very high. This might be in the face of recent well-publicized data breaches, as it has the potential to restore public trust in online data storage; nevertheless, without significant leverage to force the issue, companies might be very slow to transition.
Opinions expressed by DZone contributors are their own.
Comments