Posts-on-Biometrics-storage-locally-or-Cloud
docx
keyboard_arrow_up
School
University of the Cumberlands *
*We aren’t endorsed by this school
Course
ISOL 531
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
3
Uploaded by SuperHumanJellyfish3761
The convenience and availability of cloud services has seen a dramatic increase in business
functionality being shifted from local servers to the cloud. Even our biometrics may be
stored in the cloud.
Assume your employer has signed up with a global authentication provider that stores user
fingerprints in the users’ global identity accounts. Users can then use their biometric
fingerprint from the cloud service to access websites rather than storing the fingerprint
locally on their mobile device or computer.
In theory, if an attacker gains access to your fingerprints (whether stored locally or in the
cloud), they could compromise any of your online accounts that accept your fingerprints.
Answer the following question(s):
1.
Is the storage of biometric data safer locally or in the cloud? Why?
2.
If an attacker has your fingerprints, could multifactor authentication (MFA) still
prevent the attacker from gaining access to your accounts? Why or why not?
The decision to store biometric data either locally or in the cloud depends on a lot of
consideration and neither option is inherently safer than the other. This is determined by the
specific security protocols in place, the sophistication of potential attackers, and the sensitivity of
the data being protected (Saripalli & Walters, 2010). Storing biometrics locally may be
considered safer because if the device is physically secure, it is harder for a remote attacker to
access the data. However, local storage can still be vulnerable to physical theft, damage or loss.
In addition, if an attacker can compromise the local device through a malware or other types of
attacks, they may be able to access locally stored biometric data (Sasse, et al, 2001).
Cloud storage, on the other hand, benefits from potentially greater resources for security,
including sophisticated intrusion detection systems, encryption, and regular security audits.
However, it also presents a larger and more attractive target for attackers, and if the cloud
provider's security is breached, potentially many users' biometric data could be compromised at
once. The security of cloud-based biometric data also relies on the security of the network
connections between the user and the cloud, which can be another point of vulnerability
(Pearson, 2013).
As for multi-factor authentication (MFA), it could still provide protection even if an attacker has
your fingerprints. MFA requires at least two different types of evidence to authenticate a user.
These can be something you know (like a password), something you have (like a physical token
or a mobile device), and something you are (like a fingerprint). If an attacker has your
fingerprints but not the other factors, they should not be able to gain access to your accounts
(Movahhedian, et al, 2018). However, it's important to note that MFA is not infallible. If the
attacker can also gain access to one of the other factors, such as by phishing for passwords or
compromising a device used for authentication, MFA could potentially be bypassed. Thus,
overall security depends not only on MFA but also on robust security practices in all areas
(Movahhedian et al., 2018).
References
Movahhedian, H., Abadi, M., Jalili, R., & Amini, M. (2018). Risk-based adaptive authentication:
Mitigating attacks on multi-factor authentication.
Computers & Security
, 77, 147-166.
Sasse, M. A., Brostoff, S., & Weirich, D. (2001). Transforming the weakest link—a
human/computer interaction approach to usable and effective security.
BT technology journal,
19(3), 122-131.
Saripalli, P., & Walters, B. (2010). QUIRC: A quantitative impact and risk assessment framework
for cloud security.
In 2010 3rd IEEE International Conference on Cloud Computing
(pp. 280-
288). IEEE.
Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security for
Cloud Computing (pp. 3-42). Springer.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help