| Issue |
Security and Safety
Volume 5, 2026
|
|
|---|---|---|
| Article Number | 2026003 | |
| Number of page(s) | 17 | |
| Section | Other Fields | |
| DOI | https://doi.org/10.1051/sands/2026003 | |
| Published online | 29 January 2026 | |
Research Article
Understanding biometric-based systems for detecting and preventing cyber-attacks: Current trends, emerging technologies, and synthetic biometrics
Department of Computer Science and Information Systems, Birla Institute of Technology and Science, Pilani 333031, India
* Corresponding author (email: This email address is being protected from spambots. You need JavaScript enabled to view it.
)
Received:
10
August
2025
Revised:
19
December
2025
Accepted:
22
January
2026
Abstract
Today, everyone is heavily dependent on computers, mobile devices, and digital systems/applications to store, access, and transmit their data and personal information. On the other hand, cybersecurity threats, exploitation of digital systems, and new, complex cyberattacks are evolving daily. This requires a growing need for innovative approaches to protecting data beyond traditional methods. The study explores the use of biometric systems in cybersecurity for the prevention and detection of cyberattacks by integrating them for authenticating and authorizing individuals. Biometric authentication is used to verify an individual’s identity and grant them access based on their roles or authorizations. The paper focuses on understanding current trends and emerging technologies in biometric systems, while recognizing that these systems are not immune to cyberattacks. Can synthetic biometric data that is generated using virtual identities be an option to be considered to minimize the risk of exposing user identity in the event of a data breach, and as a means to preserve privacy, be explored as part of this research? A qualitative study is carried out using existing literature and analyzed based on the generated themes. The outcome of the study resulted in a multi-layered conceptual framework integrating the modalities of biometric systems with synthetic data and a model offering a feedback loop that can enhance operational efficiency and cultivate user trust and resilience. The study also provides insights relevant to businesses and researchers to build their systems and enhance research from a user perspective.
Key words: Biometric systems / Cyber-attack detection and prevention / Cybersecurity / Synthetic biometrics
Citation: Vijaykumar P and Kashikar P. Understanding biometric-based systems for detecting and preventing cyber-attacks: Current trends, emerging technologies, and synthetic biometrics. Security and Safety 2026; 5: 2026003. https://doi.org/10.1051/sands/2026003
© The Author(s) 2026. Published by EDP Sciences and China Science Publishing & Media Ltd.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
1. Introduction
1.1. Background
Biometric technology is used to recognize individuals based on their biological, including physical and behavioural, characteristics, and is used in numerous applications, including Government systems, to confirm and verify an individual’s identity [1]. These systems are widely adopted in banking, border control, and airport systems, e-commerce, Government sectors, and physical/logical access control, thus providing a robust defense against unauthorized access [2].
The benefits offered by biometric technology are not limited to only individual identity but also to preventing fraud, enabling physical access control for institutions or even automobiles, tracking time and attendance, and application and device authentication. These biological characteristics of individuals can include fingerprints, iris/retina scans, hand geometry, facial features/image, DNA images, voice patterns, signatures, keystroke rhythms, and mouse navigation, as shown in Figure 1 [1, 2]. Traditional authentication methods like passwords or tokens can be easily compromised, lost, or stolen, and biometrics provides an advantage in this aspect since it’s quite intrinsic to individuals and it’s quite challenging to replicate or falsify [3]. Today, in comparison to the traditional authentication methods, biometric-based systems, due to their unique and advantageous offerings, are now an integral part of cybersecurity. Although these are not without vulnerabilities or immune to the various cyber-attacks, thereby compromising their effectiveness. When using a biometric system for authentication, it is essential to ensure that data is protected both at rest and in transit, with a trusted process to identify threats and implement countermeasures at each point [1].
![]() |
Figure 1. Categorization of biometrics system |
1.2. Problem statement
In today’s digital era, the usage of digital systems, the internet, and the rise in cyber-attacks are going hand-in-hand [2]. Usage of traditional security means like passwords and firewalls is no longer sufficient to protect against the cyber threats that compromise the security and integrity of sensitive information. Biometric-based systems have become significantly popular in cybersecurity for verifying an individual’s identity, with the help of their unique physical or behavioral characteristics, and offering an enhanced, promising solution that can prevent fraud and is quite convenient for users. Despite the commendable advantages offered by these systems, there are concerns about privacy and the risk of data breaches, leading to unauthorized access, identity theft, and impersonation [3]. These data privacy concerns arise in conjunction with one of the major risks associated with biometric systems, i.e., storing and processing the sensitive data, which becomes multifold to comply with regulatory standards like GDPR (General Data Protection Regulation). Though the biometric systems present a promising avenue for enhancing cybersecurity, their vulnerability to various attacks and systems not being completely foolproof necessitate more ongoing research and development to understand their effectiveness, proactive measures, security, and emerging trends, especially on the privacy-preserving feasibilities with strategies to strengthen the systems against evolving threats.
(1) Research Objective (RO). The objective of this research is to study the current state of biometric-based systems for detecting and preventing cyber-attacks, including the feasibility of privacy-preserving biometric techniques to address the concerns related to privacy, and to explore their potential applications and limitations as follows:
-
(a)
To analyze the potential applications and limitations of biometric-based systems in detecting and preventing cyber-attacks;
-
(b)
To examine the current trends and emerging technologies in biometric-based systems for cybersecurity;
-
(c)
To understand the use of synthetic biometrics as a privacy-preserving technique.
(2) Research Questions (RQ). The research question associated with this study, to align with the research objectives, as follows.
-
(a)
RQ1: What are the potential applications and limitations of biometric-based systems in detecting and preventing cyber-attacks?
-
(b)
RQ2: What are the latest trends and technologies emerging in biometric-based systems for cybersecurity?
-
(c)
RQ3: How can synthetic biometrics be used to address concerns related to data privacy and reduce the risk of data breaches in biometric systems?
2. Literature review
A biometric system uses distinctive human features, captured and analyzed, to verify a person’s identity. These distinct human traits includes the unique ridges, minutia points [4], and patterns as seen on the fingertips captured via fingerprints, scanning the iris which is the colored part of one’s eye that has intricate patterns, capturing the contours and accurate face measurements, recognizing the unique voice patterns based on the sounds generated and one’s rhythmic voice, and analyzing one’s behavioural traits such as walking/typing/signature style, etc. [5].
2.1. Biometrics systems applicability in cybersecurity
The integration of biometric technology into cybersecurity frameworks was a significant technological achievement that reduced the risk of unauthorized access and strengthened security. While there are lots of applications for biometric systems, the most used are as follows.
2.1.1. Access control and authentication
One of the basic uses of biometric systems in cybersecurity is to make sure that only authorized users can access sensitive systems, devices, networks, and even physical premises or facilities. On the other hand, biometric authentication provides greater security because it uses unique individual traits to confirm a person’s identity. This is achieved by comparing individuals’ biometric data, such as fingerprints, facial patterns, and retinal scans, with their previously enrolled biometric data [4]. Passwords and PINs, one of the traditional authentication methods, are no longer secure as they used to be in the past and are susceptible to cyberattacks such as social engineering, phishing, and credential theft, as well as the risk of being forgotten or, in the case of access cards, getting lost or stolen [3]. With biometric authentication, these challenges are addressed, and an additional advantage of using biometric technology for physical access control by organizations is its use as a time-and-attendance system to clock in and out of office time, along with identity verification, which also addresses the issue of proxy attendance [4].
-
(1)
Facial recognition systems: To unlock devices and identify users in public spaces.
-
(2)
Iris scans: To provide a high level of security for access control in high-risk areas, such as government buildings or financial institutions.
-
(3)
Fingerprint-based systems: To secure office environments via usage in smartphones, banking apps [5].
In banking, access and transaction authorizations for customer accounts, and criminal identification to control access across borders, are used in law enforcement, with advanced biometric systems.
2.1.2. Insider threat detection
As the world advances in digital and artificial intelligence (AI) technology, there is a significant surge in global cyber threats across businesses and governments. Although the top three threats are phishing, social engineering, malware/ransomware, and AI-driven attacks, a significant challenge for organizations and businesses is insider threats. There is a significant risk associated with insiders due to the high level of trust and access to systems and devices they have, which can be misused by them or through stolen/compromised credentials [6].
Insider threat detection thereby becomes one of the critical applications of biometric systems, though often overlooked. Even with security systems in place to monitor network traffic and user behavior, it is difficult to determine whether any malicious activity occurs, as legitimate system access and subtle activities carried out by insiders can mimic malicious behavior. With biometric systems, a user’s unique behavior when typing is difficult to replicate, thereby protecting system access [6]. Keystroke or mouse movements can identify anomalies or deviations from an individual’s regular interaction style. Organizations can combine traditional authentication with behavioral biometrics to detect real-time suspicious activities post user identity verification.
2.1.3. Continuous authentication
Continuous authentication, one of the applications of biometric systems, focuses on verifying a user’s identity on a continuous basis throughout their interaction with the system, instead of verifying just at the access point [5]. Continuous authentication is used to monitor users’ identity continually via context-based, biometric, and behavioral real-time information and detect any anomalies [7]. Leveraging AI technology can further enhance the process to determine the perceived threat level by dynamically providing real-time assessments for any unusual activity and requesting additional verification methods for the user’s authorized access or automatically logging out the user [5]. Usage of this approach enhances security by detecting session hijacking, where an attacker is likely to steal a user’s session once they have logged in, or piggybacking and spoofing, where someone tries to gain access using another user’s credentials [7]. It is particularly useful in sensitive environments, where any kind of unauthorized access to systems can lead to serious repercussions [5].
Continuous biometric verification helps in reducing such vulnerabilities by monitoring the user’s behavior and building a profile of the user’s normal behaviors to be compared with a standard reference for any future activities. The behavioral pattern check includes checking gait (walking patterns), typing patterns, location of access, voice patterns, or facial recognition over time, to ensure that the person interacting with the system is the one who initially logged in.
2.2. Cyber crimes/challenges/cyber-attack preventive strategies related to biometric systems
Biometric systems have been in use since ancient civilizations. In recent years, technological advances have enabled advanced layers of security, but they are not resistant to cyberattacks. The risk associated with these attacks is quite high, as biometric data is private and permanent for an individual.
2.2.1. Types of cyberattacks on biometric systems
-
(1)
Data breaches and identity theft: Biometric data once stolen or leaked cannot be reversed, as fingerprints, faces, etc., cannot be reset unless the system uses template protection or cancelable biometrics to allow the storage of transformed data. In 2015, the U.S. Office of Personnel Management (OPM) experienced a major data breach compromising the personal data of 21.5 million individuals, including SSNs (social security numbers), fingerprints, interview records, and login credentials [8]. Such attacks can be prevented through secure, encrypted storage methods to protect biometric data [9].
-
(2)
Impersonation attacks using fake biometric traits of individuals and pretending to be that specific person, and gain unauthorized access [9]. Data is often obtained via social engineering and user manipulation.
-
(3)
Spoofing attacks using fake biometric information like photographs for facial recognition systems, fake fingerprints, 3D masks, or deepfakes to fool the system [10]. Obtaining these fake data to attackers is made easier by users, for example, by leaving fingerprints on doorknobs, posting personal photos on social media, and images captured in cameras being made available in public places [11]. Spoofing attacks have become quite common with the advent of AI and easy access to AI and machine learning (ML) tools to generate deepfakes, like the researchers at New York University developed “DeepMasterPrints” synthetic fingerprints mimicking individuals’ prints to deceive fingerprint sensors [12]. Another type of spoofing attack is a Wolf attack, where biometric samples are matched with the registered templates and used to fool the biometric authentication system [11]. Germany’s Chaos Computer Club in 2013 hacked the latest model of iPhone, then released using a fingerprint, which was photographed from a glass surface, to authenticate the user and access the phone [13].
-
(4)
Replay attacks by reuse of captured biometric data obtained indirectly, either via secretly recording the voice or from photos in a public forum/social media, to authenticate as the legitimate user and gain access control of the system [9, 11]. Enabling multi-factor authentication (MFA) by combining biometric authentication with other modes such as time-sensitive tokens or secured sessions using token expiration like OAuth can further enhance security [9].
-
(5)
Inverse biometrics by reverse engineering of stored biometric templates to reconstruct the original biometric data, thereby compromising user privacy and security, which can potentially generate data to successfully authenticate the user [14].
-
(6)
Hill climbing attack targets physiological biometrics systems stored as a template by constructing a biometric input and gradually refining until it is falsely accepted and authenticated into the system [4]. A countermeasure to prevent this attack is to restrict the number of authentication attempts and reduce the likelihood of false acceptance and successful iterative exploitation [4].
2.2.2. Other cyber-attack prevention strategies on biometric systems
Other cyber-attack prevention strategies to address the cyber-attacks on biometric systems include as follows.
-
(1)
Intrusion Detection Systems (IDS): IDS implementation can help prevent potential attacks by identifying suspicious activity and alerting system or application administrators to respond immediately [9]. Quick actions can help minimize the risk of escalated attacks or compromised systems.
-
(2)
Vulnerability analysis: Identifying potential attack vectors and fixing vulnerabilities, using methods such as attack trees, and informing the need for designing better, more secure systems [10]. Regular vulnerability assessments and penetration testing to understand system weaknesses, and address these weaknesses through patch management, keeping systems and applications up to date with critical version upgrades or service packs, and deploying vulnerability fixes can help minimize attacks before attackers can exploit them.
-
(3)
Liveness detection: Facial spoofing with high-resolution photographs or video clips can bypass facial recognition systems if they lack proper liveness detection mechanisms powered by ML algorithms. Liveness detection verifies whether the captured biometric sample is from a live person rather than a spoofed source by looking for specific behavioral or biological cues, such as eye movements, heartbeat detection, facial expressions, and variations in skin texture [11]. For example, dynamic facial recognition systems can verify a user’s identity based on their smile, eye blink, and other facial cues.
2.2.3. Challenges of biometric systems
-
(1)
Environmental and sensor limitations: Environmental factors can affect how accurately the biometric systems works, like facial recognition systems can potentially give a false negative while identifying individuals under poor lighting conditions, or fingerprint scan can fail if the captured data of the user’s hands were dirty, wet, or injured. Iris scanning can also be affected by individuals wearing glasses or contact lenses, glare or lighting, or by critically ill patients [5, 15]. These can make biometric systems less reliable in real-world scenarios, underscoring the need for regular user training to ensure appropriate interaction with the system.
-
(2)
Privacy concerns and data breaches: Though biometric systems provide enhanced security, there are lots of privacy concerns, as these systems deals with personal & permanent information of an individual which can be compromised [3, 5]. Identify theft or malicious activities on an individual’s biometric data due to data breach or loss cannot be reset. This is a major concern due to the growing trend of centralized biometric databases and the likelihood of potential breach. The risks associated with informed consents provided by individuals to collect, store, process, or potentially getting exposed due to breach of biometric data are not fully understood. It would be deemed important for organizations to adhere to stringent data protection regulations for how biometric data should be handled, processed, and stored, like the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), etc. [5]. In India, Aadhaar, used for personal identification, is integrated with multiple apps and services to verify users’ identities. Although this integration is quite convenient, there is a good amount of uncertainty for individuals whose data is shared, as they are unaware of how secure their data is and for what purposes the platforms or services that use their biometric information are being used.
-
(3)
Cost and integration challenges: The cost associated with implementing and maintaining biometric systems is quite high due to the initial infrastructure investments, subsequent maintenance, training, and business needs, which require a cost-benefit analysis before implementing and deploying these systems [5]. The infrastructure required includes high-resolution sensors, software for capturing/storing/processing/matching biometric data, and secure storage systems, which are expensive.
These systems and applications, which need to switch to biometric authentication, must be integrated with existing IT infrastructures. In such situations, especially with legacy systems, biometric system compatibility [5] can pose a challenge for infrastructure setup and management.
2.3. Trends and emerging technologies in biometric-based systems
Technological advancements in the digital era also include biometric system enhancements to make the system more reliable, usable, accurate, and convenient [15]. These include as follows.
2.3.1. Multi-modal biometric systems
To address the ever-evolving threats, a combination of different biometric modalities like facial/palm recognition, iris scans, fingerprint, and voice recognition potentially offers a reliable, accurate, and higher level of security. An increased authentication accuracy resulting from a multi-modal biometric system would be less negative or false positives/acceptance rates [15]. Such systems thereby become more suitable where there is a need for highly secure environments like banking, healthcare, government services such as law enforcement, military, and border access [5]. Multimodal biometric systems offer significant advantages over unimodal systems by addressing various limitations such as noisy data, questionable sample size, intra-class variations, low error rate, non-universality, poor robustness, and spoof attacks associated [16, 17]. The value additions of multimodal biometric systems include reducing the acceptance or rejection rates, being a means of verification, identification, and resilience against attempts to spoof biometric systems [16].
2.3.2. Artificial Intelligence (AI) and Machine Learning (ML) in biometrics
AI algorithms can reduce false positives/negatives in user verification and in detecting patterns/anomalies in a biometric system, thereby enhancing the system’s accuracy and reliability. This is achieved due to the seamless integration of AI into biometric systems and its ability to learn/train itself from available data, thereby improving decision-making and the ability to identify individuals [5]. AI/ML advancement, such as Convolutional Neural Networks (CNNs), adapts to changes of an individual’s physical appearance due to aging, environmental/lighting variations, or any other style/pose changes, thus ensuring long-term accuracy, making the system smarter and quicker to respond based on user behavior [11].
2.3.3. Integration with IoT devices
One of the latest trends in biometric systems is its integration with the Internet of Things (IoT) to secure everything from smart home devices to wearable technology, such as user authentication to access smart locks, personal health devices, and fitness trackers [5]. This also helps to address privacy concerns as the biometric data template and hashes can be stored, processed, and secured on IoT devices locally [18]. Continuous, secure, and real-time authentication can be done with biometric sensors using heart rate or ECG liveness detection for wearable devices. In the healthcare industry, IoT-based solutions help with remote patient monitoring, and their integration with AI-powered biometrics ensures reliable access control and enhanced privacy to patient data, in addition to patient identification and provisioning them with appropriate treatment. The transportation industry and smart cities with biometric implementation benefit due to secure vehicle access and improved urban security, with user privacy, respectively, while military and government organizations are considering an additional authentication layer with DNA technologies.
2.3.4. Gait analysis – Behavioral biometrics
Gait recognition is one of the behavioral biometrics that analyzes how a person walks by performing image analysis to extract unique walking features or collect walking data such as duration and number of steps, and is also used to assess whether an individual has musculoskeletal injuries and arthritic disorders [19]. In the context of a biometric system for cybersecurity, gait analysis can identify and authenticate an individual based on their unique walking style captured by sensors, machine vision, or wearable devices [19]. Though this method is accepted and includes non-invasive data collection, it faces challenges due to environmental factors and potential security vulnerabilities.
A comparative view of the various biometric authentication approaches
2.3.5. Comparative view
Various studies have consistently shown that multimodal biometric systems perform better than unimodal systems for authentication [11]. Integrating multiple biometric modalities with other biometric authentication approaches reduces FAR (False Acceptance Rate), FRR (False Rejection Rate), and ERR (Equal Error Rate), not only provides accurate results under different environmental conditions but is also quite robust [11, 17, 20]. Overall system reliability is enhanced with multimodal fusions, thus compensating for weaknesses in individual modalities [16], which is further confirmed by studies carried out on a fingerprint and facial recognition multimodal system that achieved 98.2% accuracy with 1.0% EER, outperforming fingerprint-only (96.7%, EER 1.5%) and face-only systems (94.8%, EER 2.2%) [20].
With recent studies on AI-enhanced and continuous authentication approaches, it has been demonstrated that AI-powered biometrics for IoT security has improved accuracy and liveness detection [7, 18], and deep learning-based authentication can detect insider threats in critical infrastructure by analyzing behavioral patterns [6]. User authentication in real time with continuous authentication frameworks leverages multimodal signals and AI monitoring, moving towards a future with multi-factor biometric systems that are intelligent and adaptive, complementing the traditional multimodal fusion with AI, liveness detection, and behavioral monitoring [6, 7, 18, 20].
Given emerging technologies and the cybercrimes associated with biometric systems, Table 1 provides a critical comparative overview of biometric authentication approaches, including their strengths, resistance to spoof attacks, and implementation costs.
2.4. Synthetic biometrics
When handling sensitive personal data, there are challenges in preserving privacy when using the data for analysis or mining to extract details. Other associated challenges include preventing data misuse to ensure fair and impartial decisions, avoiding community discrepancies, and improving data quality for better data mining and decision-making. Any dataset used for analysis that cannot be extracted for utility purposes with minimal effort to obtain the required knowledge or take appropriate decisions is considered to be of poor quality. Having a complete representative and diverse dataset with appropriate anonymity is considered to be of good quality and can be utilized to address the challenge associated with handling privacy vs. utility of data, and misuse of personal data [21]. Techniques like synthetic data, encryption, obtaining informed consents from individuals, legal measures, and other privacy-enhancing technologies are used to prevent data misuse.
Synthetic biometrics is all about generating artificial biometric data, often referred to as synthetic data, which mimics the characteristics of real biometrics and can be used to prevent data misuse. Another application of synthetic biometrics is training the users and testing the biometric systems, thereby enhancing system performance [22]. Over the period synthetic biometrics evolved from mathematical modeling to data-driven neural generative models, conditional generative adversarial (CTGAN) models enabling the creation of synthetic data and improving their realistic properties to help address privacy concerns, minimize any biases associated with dataset, and reduce the efforts required to obtain the diverse samples for large-scale evaluations that can include various modalities like iris scans, facial patterns, fingerprints, and vascular patterns [14, 21]. The most important aspect to be considered is the quality of data generated and models such as CTGAN have components like conditional vectors, which guarantee the data quality that is diverse and can be modelled to address potential security threats [14, 21].
Another advantage of using synthetic biometrics is addressing the anonymity aspect, which is a limitation with real biometric data. Synthetic biometrics creates data samples of virtual individuals that can be exposed to public databases without any legal concerns. This enables synthetic biometric datasets to be used for research purposes, training, testing, and evaluation of systems with diverse samples and attributes like gender, age, ethnicity, etc., thus protecting the exposure of real biometric data for mining or analysis [14]. Other security-enhancing mechanisms include privacy-enhancing technologies such as cancelable biometrics, which transform real biometric data into a secure form that, even if stolen, will not compromise the original data and can be transformed again to safeguard the data. The stolen data cannot be restored to its original state without the transformation key.
2.4.1. Advancements in synthetic biometric data
The use of synthetic biometric data is found to be viable for realistic authentication use, implying gains in terms of data privacy, availability, and efficiency. The study conducted in 2022 by Grosz and Jain, called SpoofGAN [23], demonstrated the utility of both live and spoof synthetic fingerprints to detect spoofing by training the data set with synthetic data and proving that in most scenarios, only 25% of real data was required to obtain the required detection. Few studies have generated fingerprints based on architectures with a conditional GAN. Use of CGAN showcased a 99.47% acceptance rate, preserving privacy and identities with no significant data leakage [24]. Healthcare applications leverage adversarial network techniques to generate biometric synthetic data from faces, irises, and fingerprints that minimizes the risk of data leakage by protecting sensitive information [25]. UserBoost – a system in the behavioural biometric domain demonstrated that synthetic data specific to user gestures can ease the operational overhead and limit the need for real user data by around 40% without impacting the system performance [26].
2.4.2. Research gap
Despite the availability of solid empirical evidence on the use of synthetic biometric data providing better performance for preserving privacy using fingerprints, other biometric domains, and behavioral biometrics, which can support spoof detection, there is no literature available that integrates synthetic biometric data with the different modalities of biometric systems’ to offer enhanced security and mechanisms with which the system can continuously learn and improve itself, to enable detection and prevention of cyber-attacks.
Although each component is validated by prior research, the combination of these components provides an opportunity to address the study’s scope and offers a timely contribution to research and business.
3. Research methodology
3.1. Research design and data collection
This research adopted a qualitative, analytical, and exploratory research approach, with an aim to understand the biometric systems utilization in cybersecurity, data privacy, synthetic biometrics, and privacy-preserving authentication. Due to the exploratory nature of the study, insights are obtained from existing literature [27] and highly credible industry reports and sources online to identify the latest trends, emerging technologies, opportunities, challenges, and verifiable evidence of real-world incidents associated with the use of biometric-based security systems.
3.1.1. Data collection and search strategy
Secondary data used for this research were collected online from academic databases, including Google Scholar, ResearchGate, IEEE, Scopus, ScienceDirect, and reputed professional and government portals such as Wired, Financial Crime Academy, OPM, Ping Identity, and Chaos Computer Club. The search was conducted by combining multiple keywords to ensure complete coverage, including the following.
-
(1)
Biometric systems: “biometric systems in cybersecurity”, “behavioral biometrics”.
-
(2)
Synthetic biometrics: “synthetic biometrics”, “synthetic data”, “inverse biometrics”, “privacy-preserving biometrics”.
-
(3)
Security threats: “spoofing attacks”, “cyber-attacks”, “adversarial attacks”.
-
(4)
Trends and applications: “biometric systems trends in cybersecurity”, “cybersecurity threats in biometric systems and authentication”.
The news articles were selected based on their publication years, limited to 2024–2025, to capture current trends, developments, and emerging real-world threats. The search criteria included publication years set from 2005 to 2025 for peer-reviewed journals, books, and conference proceedings to include the foundational literature and recent studies.
3.1.2. Inclusion and exclusion criteria
The sources reviewed included studies based on the keyword clusters provided in the search criteria and relevant information available in the context of standards, regulatory guidance, and highly credible incident reports. The sources were screened in a staged process, inspired by PRISMA guidelines, with the initial relevance screening conducted by reviewing the titles and abstracts of the returned results. The next stage involved evaluating the full text of the contents to review their quality, methodology, and thematic contribution in alignment with the study scope, and finally identifying and coding the relevant themes emerging from the study.
Contents related to studies on medical biometrics (except for synthetic data) with no relevance to cybersecurity and non-technical articles with opinions from experts, and marketing-related content were excluded. Publications with duplicated information and those that were incomplete were also excluded.
3.2. Thematic analysis
The selected literature was analyzed using Braun and Clarke’s six-phase thematic analysis [28], starting with getting familiar with the data sources from data collection to identify initial patterns, followed by initial coding and grouping them into themes. Initial coding was conducted based on key ideas extracted from the literature, including spoofing, cyberattacks, AI-related threats, vulnerabilities of biometric modalities, liveness detection techniques, continuous and behavioral authentication, privacy regulations, ethical considerations, and synthetic biometric generation and use. The grouped themes were further reviewed and finalized during the final synthesis step for integration into the proposed conceptual framework.
4. Analysis, findings and discussions
Thematic analysis was carried out by identifying themes from the findings, including the threat landscape in biometric-authentication systems, security mechanisms and countermeasures, emerging technology applications of biometric systems, policies and compliance, and synthetic biometrics. In conjunction with the research questions, Table 2 summarizes the study’s findings.
Data analysis – Theme mapping to research questions
4.1. Threat landscape in biometric-authentication systems
While biometric authentication provides a strong, reliable, and secure method of protection against unauthorized access, it remains a target for attackers who are rapidly evolving their techniques, threats such as spoofing, data breaches, identity theft, and by adapting to technological advancements like AI and deep-fake technologies, to exploit vulnerabilities in these systems. As biometric systems are now being integrated into sensitive areas such as finance, healthcare, and government services, the impact of cyber-attacks on these systems is greater, and the likelihood of escalation is higher, underscoring the need for robust, adaptive security measures.
Comprehensive view of the various attack types, countermeasures and their effectiveness
4.2. Security mechanisms and countermeasures
The threats and attack vectors associated with biometric systems require layered security, the major ones including liveness detection, anti-spoofing technologies, AI/ML-based anomaly detection, cancelable/multi-modal biometrics, and secure, encrypted storage. While the attackers are evolving with the technologies, organizations should also ensure they implement security measures and be ready to swiftly adapt to the evolving technologies and have real-time monitoring and adaptive systems that can self-learn/self-heal/self-protect from each attack. While significant technological advances help detect and prevent, there is a need to consider the balance required for security and ease of use of these systems, to avoid processes and systems getting slowed down. Table 3 summarizes the effectiveness of these countermeasures against key attack vectors.
4.3. Emerging technology applications of biometric systems
AI, ML, Cloud solutions, blockchain, etc., are the emerging technologies that can enhance biometric systems and the authentication/authorization process. User recognition/verification accuracy can be improved with AI/ML models, given the large datasets available for training. With blockchain technology, biometric data can be decentralized and securely stored, thereby minimizing the risks of data breaches or theft associated with centralized databases. However, the new technologies, such as cloud-based and AI-driven systems, present new attack surfaces, challenges associated with technical scalability, and ethical concerns around informed consent, profiling, surveillance, and algorithmic bias, which must be addressed via governance and ethical frameworks.
4.4. Policy and compliance implications
Biometric data being highly sensitive, must focus on data privacy-related regulations and be compliant with data protection frameworks such as the EU GDPR, BIPA (Illinois Biometric Information Privacy Act), etc., in terms of data storage and transmission policies. Moreover, the difference in privacy laws and data protection requirements across borders necessitates the biometric designs to follow guidelines as per international standards and ensure compliance. Regulatory and compliance bodies should also ensure that the policies are refined and reviewed regularly to address the potential scope for cyber-attacks with the rapidly growing technological advancement, and also to address ethical adoption across to ensure issues around bias, data ownership, and consent are taken care of.
4.5. Synthetic biometrics
Synthetic biometrics is definitely one of the futuristic approaches to protect biometric data from privacy-related risks. The two distinct purposes of using synthetic data are to support the training and testing of AI models in the event of a system or data breach, to protect individuals’ identities, and to enable privacy-preserving authentication, which can revolutionize secure authentication. Considering that the data is created from virtual or non-existent individuals, synthetic biometrics is useful.
-
(1)
Training and testing for AI models: Synthetic biometric data is an alternative to limited real-world datasets, enhancing the robustness and generalizability of AI-based models [12, 14, 21, 22]. The generation of diverse and distinct biometric variations with the synthetic datasets helps prevent overfitting, improve model accuracy, and minimize data scarcity issues, thus reducing dependency on sensitive personal data. DeepMasterPrints [12] demonstrated how AI-generated fingerprints could be used to train models for improved recognition performance. Although it is an effective approach for model development, synthetic data should be mimicked to reflect real-world scenarios, considering all aspects of real-world scenarios, to minimize biases, glitches, and unrealistic patterns that could degrade system performance or model outcomes.
-
(2)
Privacy-preserving authentication: Synthetic biometrics enable systems to authenticate users without storing or exposing individuals’ personal and sensitive biometric templates [14, 21], which can be used to verify user identity. Organizations can use this technique to reduce the risk of biometric templates being leaked or stolen, thereby addressing key privacy and compliance concerns. Although integration challenges such as avoiding false rejections and maintaining realistic information exist. Synthetic templates must be secured and maintained to prevent attackers from exploiting and predicting the synthetic patterns generation process [10, 14].
Although synthetic biometrics technology is still emerging, it has its own advantages, and any implementation using it is not without risks. Over-reliance on synthetic data could reduce system resilience if real-world variations are not completely represented. Additionally, there are risks posed by adversaries targeting AI systems with synthetic data through adversarial attacks [11]. Considering the advancements in technology and the need for standardization, validation, and clarity regarding compliance/regulatory aspects, this approach ensures greater trust and adoption. Successful adoption of the technology requires careful integration with real biometric modalities, robust liveness detection, and secure handling protocols to ensure both accuracy and privacy, although there are downsides resulting from the evolutions in AI/ML, which can be used to generate data in bulk and trigger spoofing attacks or for malicious purposes. Additionally, the distinctions between training/testing uses and operational privacy-preserving applications must be accounted for and implemented appropriately to avoid any confusion with stakeholders regarding system capabilities and limitations. Care should be taken to ensure that frameworks are incorporated that can detect bias and can also be used for audit.
5. Proposed conceptual framework
As part of the study, a high-level conceptual framework (depicted in Figure 2) has been proposed to guide future research incorporating user perspectives.
![]() |
Figure 2. Proposed conceptual framework |
The framework concludes that this has been part of the findings and conceptualizes biometric authentication systems (fingerprint, facial/iris/voice recognition, gait, etc.) and synthetic data (virtual user identities) as multi-layered security mechanisms. With the multi-layered security approach, the physiological and behavioral biometric modalities interact with liveness detection, synthetic data, and security mechanisms used to detect threats, ensuring regulatory compliance, organizational readiness, and availability of infrastructure as an enabler. The framework specifies the contribution of each component towards resilience and does not assume that biometrics alone can increase user trust. The biometric inputs provided by users are first verified for liveness to prevent spoofing attacks, while synthetic biometric templates support privacy-preserving authentication, ensuring no real biometric data is exposed to the outside world or attackers.
The interactive components in the framework depicted in Figure 3, entails the use of AI/ML models for continuous monitoring to detect anomalies, adversarial attacks, and insider threats, in compliance with regulatory policies and data privacy standards, to provide a feedback mechanism and carry out system configuration updates by learning on a continuous basis, in case any attacks or incidents are detected. The holistic integration and interactions of the framework, based on the thematic analysis outcomes, explain how biometric systems can enhance security, improve user trust, and provide privacy safeguards that are also visible to users, thereby improving organizational resilience and operational efficiency. The policy and governance framework is horizontal across the entire framework, and the feedback mechanism primarily supports retraining the AI models, updating the generation of synthetic data parameters, and the thresholds for liveness detection.
![]() |
Figure 3. Interactive components entailed in the proposed conceptual framework |
The model proposed in this study provides a foundation for designing the system and for future empirical research that can enable researchers to derive testable hypotheses based on the propositions listed below.
-
(1)
P1: Biometric systems that are set up with multilayered security mechanisms, such as liveness detection, threat modeling, and continuous feedback, are more effective at detecting and preventing cyber threats than single-layer systems.
-
(2)
P2: The use of privacy-preserving synthetic biometric templates increases user trust by reducing concerns about biometric misuse and identity theft.
-
(3)
P3: Biometric systems with multilayered security mechanisms with explicit user-facing visual indicators and data privacy safeguards increase user trust and acceptance rates.
-
(4)
P4: The combined use of synthetic biometrics and multilayered security enhances security, trust, and efficiency compared to traditional biometric systems.
These would also help practitioners and businesses understand how to integrate biometric components securely, responsibly, and in compliance with global regulatory standards.
6. Conclusion and research/business contributions
The research started with an objective to study the current state of biometric-based systems for detecting and preventing cyber-attacks and to understand the privacy-preserving biometric techniques that can be leveraged to address privacy concerns. As part of the study, it was revealed that biometric-based systems are one of the most powerful systems due to their inherent uniqueness to defend systems from cyberattacks and also provide preventive measures to address password breaches. These systems, though, are inherently used to prevent unauthorised access, are not immune to cyber-attacks and evolving threats like spoofing, identity theft, or template inversions and thus need to be resilient enough to adapt to the evolving technological advancements and incorporate protection mechanisms. Some of the challenges arising from technical vulnerabilities can be addressed by ensuring the systems have robust multi-modal and behavioural biometrics implemented, though any kind of implementation should also consider the trade-off required in terms of ease of use/operation of the system and enabling security. Some of the strategic implementations that can be considered to enable multi-layered security mechanisms include liveness detection with tracking eye/body movement, heartbeats, etc., cancelable biometrics, and encrypted template storage. These defence mechanisms, if clubbed with strong governance and regulatory compliance in alignment with the data privacy and protection laws, can lead to growth in the use of biometric systems in all of the modern cybersecurity landscapes. One important aspect to be considered is infrastructure scalability, and adaptation to the latest technological advancements should be one of the key determining/enabling factors.
While technologies such as AI/ML, edge computing, blockchain, and cloud architectures are transforming all business operations, integrating with biometric systems can enhance protection against cyberattacks. AI/ML technologies revolutionize synthetic biometrics, generating virtual data as required across different modalities for testing and training various systems. These generated data serve as a privacy-preservation technique, as they don’t reveal individual identity, thereby offering a privacy-first design approach, and can be integrated with biometric encryption.
The existing literature provides insights into components such as biometric and different layered authentication architectures, synthetic biometric data generation, and privacy-preserving learning. However, the research gap in the absence of an integrated approach across these components remains, especially given that applications and organisations are opting for biometric technologies and that there is a huge demand for biometric systems, thereby creating high-risk, data-sensitive environments.
The study proposes a conceptual framework to address the gap, integrating the major aspects of this research, offering a novel theoretical foundation of biometric systems with a focus on balancing security and privacy without degrading the performance:
-
(1)
Synthetic biometric data to reduce privacy risk, address data scarcity, and support scalable system development;
-
(2)
Multilayered biometric security systems for a resilient system to detect and prevent cyber-attacks;
-
(3)
Feedback mechanisms for continuous learning and system improvement, to build user trust, and enhance operational efficiency.
Overall, while biometric systems used for authentication and authorization are one of the powerful frontiers in cyber defense, the effectiveness of this system totally depends on having innovative approaches on a continuous basis to enhance the systems ethically to safeguard an individual’s personal identity data, while in alignment with all the government, regulatory and privacy-focused policies. The conceptual model thereby offers a theoretical foundation with propositions for future innovations and research in this technologically evolving field. It is a pretext to ensure that biometric security systems become among the sought-after, secure, robust, trustworthy, and adaptable systems in the complex cyber landscape.
6.1. Contributions to business and research
6.1.1. Business contribution
The study provides insights into the use of biometric systems like fingerprint, facial recognition, voice, etc., as single or multi-modal options, synthetic biometrics and how these can be used for cybersecurity to detect and prevent cyber-attacks, which can be leveraged by businesses to strengthen their defence mechanisms against threats such as spoofing, identity theft, etc. Businesses adopting biometric authentication and integration of the same with IoT devices, AI/Cloud, which can detect threats in real-time and smartly prevent any misuse of the devices, can enhance their customer experience. Study emphasises that organizations should not limit the usage of these systems only for compliance and security, instead, leverage the aspects of sensitive information protection and focus on building user trust, improving operational efficiency, and being resilient by adapting and adopting to the ever-changing technology and threats. Further organizations building systems and products utilising synthetic biometrics in privacy preservation with the latest technologies can be a differentiator in the market and obtain a competitive advantage, due to strong authentication and data privacy offerings.
6.1.2. Research contribution
In the context of research, the study provides an ample amount of information with respect to biometric systems, current trends in this technology, and how it can be leveraged in cybersecurity. The literature review conducted collates a good amount of information on various threat landscapes, including the latest technological ones like AI-based deepfakes, prevention mechanisms, including the various means to protect individual identity data and user privacy, with the integration of synthetic biometrics. It also identifies emerging gaps in existing literature in terms of privacy-preservation of user identity and provides avenues for future research scope. The study also covers the latest emerging technological trends, such as AI/ML, blockchain, edge computing, etc., and enhances biometric-based cyber defense mechanisms.
6.2. Limitations of the study and future scope
The current study is based on secondary data sources, looking at the available papers and articles online, so the insights obtained are predominantly based on their accuracy and currency. No primary data via surveys or interviews were collected since this study is based solely on secondary data. There would have been additional hands-on research, experiments, and technical implementations that were conducted in a lab environment, which are not considered or for which the results are not available on public forums.
From a future perspective, research can be carried out to prove the theories proposed as part of the study in conjunction with the proposed framework, and additionally, in the following areas, apart from including the demographic, inclusivity, and accessibility aspects, the results of which are likely to differ and provide actionable insights for business and researchers to provide a secure solution in terms of biometric devices and processes:
-
(1)
To study the perceptions of users on their trust in AI-made decisions based on deep-learning biometric systems that analyze behaviors/gait;
-
(2)
To understand user comfort in operating/accessing the biometric systems that conduct continuous authentication/monitoring, and to understand;
-
(3)
To study user awareness on the use of synthetic data, either as part of training or security, and understand their perceptions on the trust in the usage of the system and its impact on privacy preservation;
-
(4)
To experiment with integrating multimodal approaches with synthetic data and enable researchers to compute FRR, FAR, and ERR comprehensively and in a structured manner, thereby helping simulate, analyze, and prevent potential cyberattacks;
-
(5)
The study can be further expanded as interdisciplinary research for biometric authentication, converging legal in the context of privacy laws, ethical in the context of data surveillance and usage, and social dimensions in the context of how the users use the systems and what they perceive or have experience in terms of trusting or continuing to use these systems.
Funding
This research received no external funding.
Conflicts of interest
The authors declare no conflicts of interest.
Data availability statement
No data has been collected from any users as part of this study.
Author contribution statement
Pravitha Vijaykumar has conceptualized the study, research methodology, and conducted the analysis. Pradnya Kashikar has provided their guidance, review feedback, and inputs at each stage of the study.
Acknowledgments
The authors would like to express their sincere gratitude to the university and their supervisor for providing the opportunity to conduct this research and for their continuous guidance, insights, and encouragement throughout the study.
References
- Gupta H and Chauhan K. Role of biometric security for the enhancement of data security. Int J Comput Technol 2015; 14: 6184–6189. https://doi.org/10.24297/ijct.v14i10.1832. [Google Scholar]
- Debas EA, Alajlan RS and Rahman MMH. Biometric in cyber security: A mini review. In: 2023 International Conference on Artificial Intelligence in Information and Communication (ICAIIC). IEEE, 2023, 570–574. https://doi.org/10.1109/ICAIIC57133.2023.10067017. [Google Scholar]
- Nebreda P. The role of biometrics in cybersecurity: Threats and solutions. Alice Biometrics, 2023. [Google Scholar]
- Boonkrong S. Authentication and Access Control. Berkeley, CA: Apress, 2021, 133–162. [Google Scholar]
- Ughade N. Future of biometrics: Trends, innovations, and challenges ahead. HyperVerge, 2025. https://hyperverge.co/blog/future-of-biometrics/. [Google Scholar]
- Budžys A, Kurasova O and Medvedev V. Deep learning-based authentication for insider threat detection in critical infrastructure. Artif Intell Rev 2024; 57: 272. https://doi.org/10.1007/s10462-024-10893-1. [Google Scholar]
- Ping Identity. What is continuous authentication? (n.d.). https://www.pingidentity.com/en/resources/identity-fundamentals/authentication/continuous-authentication.html. [Google Scholar]
- U.S. Office of Personnel Management. Cybersecurity Resource Center, (n.d.). Retrieved April 20, 2025, from https://www.opm.gov/cybersecurity-resource-center/#url=Cybersecurity-Incidents. [Google Scholar]
- Kumar S. Biometric systems security and privacy issues, 2024, 68–91. https://doi.org/10.1201/9781032614663-4. [Google Scholar]
- Marasco E, Shehab M and Cukic B. A methodology for prevention of biometric presentation attacks. In: Latin-American Symposium on Dependable Computing, 2016, 9–14. https://doi.org/10.1109/LADC.2016.13. [Google Scholar]
- Wang X, Yan Z, Zhang R, et al. Attacks and defenses in user authentication systems: A survey. J Netw Comput Appl 2021; 188: 103080. [Google Scholar]
- Newman LH. Machine learning can create fake ‘master key’ fingerprints. Wired 2018. https://www.wired.com/story/deepmasterprints-fake-fingerprints-machine-learning/. [Google Scholar]
- Chaos Computer Club. Chaos Computer Club breaks Apple TouchID, 2013. https://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid. [Google Scholar]
- Makrushin A, Uhl A and Dittmann J. A survey on synthetic biometrics: Fingerprint, face, iris and vascular patterns. IEEE Access 2023; 11: 33887–33899. https://doi.org/10.1109/ACCESS.2023.3250852. [Google Scholar]
- Financial Crime Academy. Game-changing technology: The advancements in biometric authentication systems. Financial Crime Academy, 2025. https://financialcrimeacademy.org/biometric-authentication-systems/. [Google Scholar]
- Dargan S and Kumar M. A comprehensive survey on the biometric recognition systems based on physiological and behavioral modalities. Expert Syst Appl 2020; 143: 113114. https://doi.org/10.1016/j.eswa.2019.113114. [Google Scholar]
- Farik M. A review of multimodal biometric authentication systems. Int J Sci Technol Res 2016; 5: 5–9. [Google Scholar]
- Awad AI, Babu A, Barka E, et al. AI-powered biometrics for Internet of Things security: A review and future vision. J Inf Secur Appl 2024; 82: 103748. [Google Scholar]
- Gupta P, Singh R, Katiyar R, et al. Biometrics system based on human gait patterns. Int J Mach Learn Comput 2011; 1: 389–392. [Google Scholar]
- Varshney K, Chelse A, Parasher A, et al. Digital identity management using biometric systems: BioTrace. J Inf Syst Eng Manag 2025; 10. [Online]. Available: https://www.jisem-journal.com/. [Google Scholar]
- Majeed A. Attribute-centric and synthetic data based privacy preserving methods: A systematic review. J Cybersecur Priv 2023; 3: 638–661. [Google Scholar]
- Yanushkevich S. Synthetic biometrics: A survey. In: 2006 International Joint Conference on Neural Networks. IEEE, 2006, 676–683. https://doi.org/10.1109/IJCNN.2006.246749. [Google Scholar]
- Grosz SA andJain AK. SpoofGAN: Synthetic fingerprint spoof images. arXiv preprint arXiv:https://arxiv.org/abs/2204.06498, 2022. [Google Scholar]
- Abbas SK, Purnapatra S, Murshed MGS, et al. Conditional synthetic live and spoof fingerprint generation. arXiv preprint arXiv:https://arxiv.org/abs/2510.17035, 2025. [Google Scholar]
- Khadidos AO, Manoharan H, Khadidos AO, et al. Synthetic healthcare data utility with biometric pattern recognition using adversarial networks. Sci Rep 2025. (PMCID: PMC11928505) (Nature). https://doi.org/10.1038/s41598-025-94572-3. [Google Scholar]
- Webber G, Sturgess J and Martinovic I. UserBoost: Generating user-specific synthetic data for faster enrolment into behavioural biometric systems. arXiv preprint arXiv:https://arxiv.org/abs/2407.09104, 2024. [Google Scholar]
- Ugwu CN and Eze VHU. Qualitative research. ResearchGate, 2023. https://www.researchgate.net/publication/367221023_Qualitative_Research. [Google Scholar]
- Braun V and Clarke V. Using thematic analysis in psychology. Qual Res Psychol 2006; 3: 77–101. https://doi.org/10.1191/1478088706qp063oa. [CrossRef] [Google Scholar]

Pravitha Vijaykumar is currently pursuing a master’s degree at Birla Institute of Technology and Science, Pilani campus in India, and a doctoral degree at GlobalNxt University in Malaysia. Her research interests are artificial intelligence, supply chain processes, cybersecurity, and higher education.

Pradnya Kashikar is a cybersecurity researcher and educator working as Adjunct Faculty at BITS Pilani, in addition to being the founder of TalentPro Training & Consulting Services and a recipient of the Woman Achiever Award. With a Ph.D. in Technology Management and Cybersecurity, she conducts research on network intrusion detection, cybersecurity, digital forensics, and critical infrastructure protection.
All Tables
Comprehensive view of the various attack types, countermeasures and their effectiveness
All Figures
![]() |
Figure 1. Categorization of biometrics system |
| In the text | |
![]() |
Figure 2. Proposed conceptual framework |
| In the text | |
![]() |
Figure 3. Interactive components entailed in the proposed conceptual framework |
| In the text | |
Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.
Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.
Initial download of the metrics may take a while.


