Data Privacy in Biomapper
Biometrics are the current trend and a major solution in the fight for Sybil resistance and the future of data and user security. Aside from scanning your face or fingerprints to gain access to your smartphone, various services have started to consider a shift to utilizing biometrics.
Humanode, the first Crypto-Biometric network, even stakes the user's biometric identification, through face scan and liveness detection, allowing users to launch validator nodes on the Humanode Mainnet. It has also offered BotBasher to discord servers, allowing servers a much higher degree of Sybil resistance by having users tie their biometric identity to their discord account as proof of having a living person behind the account.
On top of that, Humanode has released Biomapper, which has allowed users to participate in Nonlinear LP Staking, and which will allow DApps and Web3 services to tie a user’s biometric identity to an EVM address for safe and secure Sybil resistance.
Based on the use cases of BotBasher, and the partners who are standing in line, it is expected that as soon as Biomapper operates cross-chain, Biomapper-based Sybil-resistant Airdrops, Sybil-resistant Whitelisting, and unique-user-only sign-ups for DApps and Play-to-earn games will become commonplace.
After all, for the services, they want to know how many users they actually have, be able to reach out to those users with an equal share of rewards and interact with real users. The users, on the other hand, will most likely want to have a fair chance of earning rewards, Airdrops, and being whitelisted.
Having said all this, there is one big question that remains in everyone’s mind. How secure are biometrics? I mean, servers get hacked all the time. User information is stolen even from some of the biggest companies out there, not to mention being stolen from government servers. Even if they are not stolen, big-name companies exploit, buy, and sell personal information for “marketing” purposes. It is said that the fight for privacy has already been lost! How different could Humanode Biomapper be!?
Data Security for Biomapper
To understand the security of Biomapper, one may need a quick review of what Biomapper does.
Biomapper, or private on-chain Biomapping, allows users to scan their biometrics to prove that there is a live and unique human being behind the paired Humanode EVM address (EVM wallet address) while ensuring that the actual biometric data remains completely private, securely encrypted in Confidential Virtual Machines. Consider it like zero-knowledge proof (ZKPs), where the system can verify the authenticity of the information without needing to know the specific biometric information itself.
In short, Biomapper is a combination of the OAuth2, CVMs, and Bio-tokens (which represent the biometric data), a signer server, and a number of smart contracts that will allow the various services to utilize the Biomapper functions.
What this means, is that if you see a service ask for Human Verification via Biomapper, the Web3 or DApps you are signing up for will only be using smart contracts that can tell if you are a unique human user or not, and they do not gain any personal biometric information during the entire process.
Great! But what about Humanode which runs the Biomapper!? You have all the personal information, right?
Biomapper and Security, Step by Step
To answer that question, let’s run through the process, step by step.
-- Data Collection: To verify that a user is a living human being, they have to go through a live video-based 3D face scan using any device with a camera of at least 3 megapixels. It is a 10-15 seconds process. During this process, the platform's algorithms transform the video feed into an anonymized 3D template simultaneously verifying liveness.
-- Encryption and Transmission: The anonymized 3D template and liveness data are encrypted using asymmetric cryptography while still on the user’s device and sent over the network to the Confidential Virtual Machines(VMs).
-- Data verification: This process is very critical as there is a potential for attacks happening at this stage. The encrypted data arrives on Confidential VMs that utilize AMD SEV-SNP. AMD SEV-SNP provides hardware-based encryption to safeguard the entire VM memory from unauthorized access, including potential intrusion by the host administrator. The protection extends to the hypervisor, which is managed by the cloud service provider (CSP). This ensures the prevention of any physical attacks by host admins as well as state-backed attacks.
For example, what if the FBI raids one of the locations where these servers are located? In the case of normal Confidential Computing operations, someone with physical access can get their hands on the components of servers using multiple tactics but in servers utilizing AMD SEV-SNP, this is not possible.
While AMD SEV-SNP effectively mitigates the risk of physical attacks, there is another type of threat to consider: attacks by super administrators, or in simpler terms, those who set up the servers. In the case of Biomapper, this refers to us.
To address this concern, SEV-SNP technology provides an option to configure it in a way that even the super admins do not get access to the components of data on the server.
Technically, while configuring the server, we upload our initial image. This initial image contains the guest VM code. At the end of the launch process, we send the signed identity block (IDB) containing the launch digest to VM. The contents of this identity block allow the guest owners to uniquely identify the VM. VM then asks SEV-SNP firmware for an attestation report. The attestation report contains IDB and the launch digest. The core purpose of this process is to verify and authenticate the VMs hardware and launch digest.
When we configure Confidential VMs, it’s done in a manner that prevents our access. We do not possess any passwords or SSH keys to access the VM. Instead, we prepare a suite of software in a way that, upon boot, self-configures and independently generates all necessary keys.
For users to get verified, two components are required: an anonymized 3D face template and liveness data. The Confidential Computing servers compare the newly arrived encrypted and anonymized 3D face templates against those already registered in the system in such a way that before sending the already encrypted data to memory for processing, it is encrypted again for protection from physical attacks.
As for the liveness data, it is timestamped and immediately deleted after verifying that the user is an actual live human being, not a facemask, photograph, or a deep fake.
-- Data storage: Once the data is authenticated, the encrypted and anonymized 3D face template is saved on the Confidential virtual machine (VM), and a random string is generated, which is hashed to create a Biotoken that will be mapped to the EMV address inside a smart contract.
Since the liveness data gets deleted immediately and only the Bio-token, which is a random string that is associated with the EVM address in the smart contracts, and the Bio-token is useless outside the Biomapper, this data is useless for malicious purposes.
In summary, the safeguarding and privacy of biometric data are paramount in our technology. From the outset of the data collection process, we ensure that no data can be traced back to a specific user by anonymizing the 3D face templates. By employing confidential computing, we guarantee that data is never transmitted without encryption. Moreover, through the use of AMD SEV-SNP, we make certain that the data remains inaccessible to anyone at any stage of the data lifecycle.
In conclusion, we believe that by utilizing Biomapper, users are able to utilize their biometrics to sign up for services in a private and secure manner, while the companies and projects that utilize the Biomapper are able to gain Sybil resistance, while not having to carry the risk or burden of having to deal with the protection and storage of highly private biometric data.