I-P: WHY I LOVE BIOMETRICS BY DOROTHY E. DENNING

R. A. Hettinga rahettinga at earthlink.net
Sat Jan 19 18:50:51 EST 2002


--- begin forwarded text


Date: Fri, 18 Jan 2002 14:30:09 -0500
From: Matthew Gaylor <freematt at coil.com>
Subject: I-P: WHY I LOVE BIOMETRICS BY DOROTHY E. DENNING
Sender: owner-ignition-point at theveryfew.net
Reply-To: Matthew Gaylor <freematt at coil.com>


<http://www.infosecuritymag.com/articles/january01/columns_logoff.shtml>


January 2001


SECURITY STRATEGIES FOR E-COMPANIES

WHY I LOVE BIOMETRICS

It is "liveness," not secrecy, that counts.

BY DOROTHY E. DENNING

I'm a big fan of biometrics. I'm tired of trying to remember umpteen
zillion account names and passwords in order to use the computers in
my office, browse my favorite Web sites and update the Web sites I
manage. I long for the day when computers will automatically
recognize me and handle the identification and authentication
function with little effort on my part.

I make lots of security-related presentations, and when I tell all of
this to an audience, someone inevitably asks, "What happens if
someone snatches the biometric print used to validate you? Couldn't
they just replay your biometric and pretend to be you? And wouldn't
that make your biometric useless?"

My response is, "No." A good biometrics system should not depend on
secrecy. To understand why, think about how biometrics work in the
physical world. Your friends and colleagues authenticate you by
recognizing your face, voice, eyes, hands and so on. None of this is
secret. Anyone who interacts with you sees these characteristics.
Even your fingerprints can be lifted from surfaces.

What makes biometrics successful is not secrecy, but rather the
ability to determine "liveness." I can easily distinguish the living,
flesh-and-blood you from a statue or photograph of you, or even
someone wearing a costume and mask that looks like you. If I don't
know you well, I might be fooled by a lookalike, but in the
non-Mission Impossible real world, the system generally works. If I
don't know you at all, I might ask for a photo ID. But I would use
such a photo only because I lack knowledge of your appearance. I
authenticate you by comparing your live face against the photo, not
by comparing one photo against another. For further proof, I may
watch you sign your name and compare the live signature against the
one on your ID card.

The same principle applies in the digital world. Your biometric
prints need not be kept secret, but the validation process must check
for liveness of the readings. Many biometric products work this way.
For instance, the Sensar iris-recognition system from Iridian
Technologies (www.iridiantech.com) looks for the "hippus
movement": the constant shifting and pulse that takes place in the
eye. The liveness test ensures that the reading is fresh, so an
adversary can't replay a previously recorded reading.

This is the beauty of biometrics. Other forms of user
authentication (including passwords, tokens and encryption) all depend
on protecting a secret or device from theft. Once that secret or
device is compromised, the system fails until a new one is
established. Moreover, these methods typically require users to hold
a different secret with each and every device or service they use,
thereby burdening the user. Imagine if every time you greeted a
friend or colleague, you had to use a new secret handshake!

Testing liveness is reasonably straightforward if the biometrics
reader senses appropriate characteristics and is tightly coupled with
the validation process and database of biometric prints. If the
reader is remote from the validation process and database, encryption
can be used to provide a secure path connecting the components. The
encryption system, obviously, should protect against replays.
Encryption can also be used to pass credentials from one system to
another. For example, once my smart card validates my fingerprint, it
may use a private signature key on the card to authenticate me to
services that use my public key for authentication. Of course, the
encryption system itself requires secret keys, but in this context,
the secrets may be less prone to compromise because they don't have
to be known by humans.

Biometrics can be applied not only with human users, but also with
locations. For example, technology from CyberLocator
(www.cyberlocator.com) authenticates geodetic location by capturing a
location signature from GPS signals in a way that ensures liveness.
No secrets are required. One could imagine using biometrics to
authenticate places or anything else with distinguishing
characteristics that exhibit a form of liveness.

In addition to liveness, a biometrics system also depends on
uniqueness. Otherwise, it may be subject to false accepts or rejects.
Some forms of biometrics are better than others in this regard, iris
recognition being one of the best.

Questions about privacy abuse aside, biometrics is likely to be the
way of the future. I can't wait to get rid of my gazillion passwords.
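One way to give the reader-to-validator path the replay protection the column calls for, as an added example that is not from the column or from any product it names: the validator issues a one-time nonce, the reader MACs its freshly sensed reading together with that nonce under a device key, and the validator rejects anything reused, stale, or not produced with the key. The device key, the `Validator` class and the sample template bytes are all assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

class Validator:
    """Validation side: issues one-time challenges, accepts only fresh, bound readings."""

    def __init__(self, reader_key: bytes, max_age_s: float = 30.0):
        self.key = reader_key       # shared with the reader device, never known to a human
        self.max_age_s = max_age_s
        self.pending = {}           # nonce -> time the challenge was issued

    def challenge(self, now: float) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = now
        return nonce

    def verify(self, msg: dict, now: float) -> str:
        nonce = msg["nonce"]
        if nonce not in self.pending:       # never issued, or already redeemed
            return "reject: unknown or reused challenge"
        issued = self.pending.pop(nonce)    # each challenge is good exactly once
        if now - issued > self.max_age_s:
            return "reject: stale reading"
        expected = hmac.new(self.key, nonce + msg["reading"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: bad authenticator"
        return "accept"                     # template matching would follow here

def reader_respond(reader_key: bytes, nonce: bytes, live_reading: bytes) -> dict:
    """Reader side: MAC the freshly sensed reading together with the server's nonce."""
    tag = hmac.new(reader_key, nonce + live_reading, hashlib.sha256).digest()
    return {"nonce": nonce, "reading": live_reading, "tag": tag}

def run_scenarios() -> dict:
    """Constructed cases: fresh, replayed, stale, and a known reading without the key."""
    key = secrets.token_bytes(32)
    v = Validator(key)
    sample = b"IRIS-TEMPLATE-SAMPLE"       # constructed placeholder, not a real template
    n1 = v.challenge(now=0.0)
    fresh = reader_respond(key, n1, sample)
    out = {"fresh": v.verify(fresh, now=1.0)}
    out["replay"] = v.verify(fresh, now=2.0)          # same message resubmitted
    n2 = v.challenge(now=10.0)
    out["stale"] = v.verify(reader_respond(key, n2, sample), now=100.0)
    n3 = v.challenge(now=200.0)
    forged = dict(fresh, nonce=n3)                    # reading is public; key is not
    out["forged"] = v.verify(forged, now=201.0)
    return out
```

The biometric reading itself travels unprotected here, matching the column's point that the print need not be secret; what the validator relies on is the device key and the nonce, while sensing liveness (hippus movement and the like) remains the reader hardware's job and is not modelled.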

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'


