I-P: WHY I LOVE BIOMETRICS BY DOROTHY E. DENNING

Bill Frantz frantz at pwpconsult.com
Tue Jan 22 16:41:18 EST 2002


At 3:50 PM -0800 1/19/02, R. A. Hettinga quoted Dorothy Denning:
>My response is, "No." A good biometrics system should not depend on
>secrecy. ...
>
>What makes biometrics successful is not secrecy, but rather the
>ability to determine "liveness." ..
>
>The same principle applies in the digital world. Your biometric
>prints need not be kept secret, but the validation process must check
>for liveness of the readings. Many biometric products work this way.
>For instance, the Sensar iris-recognition system from Iridian
>Technologies (www.iridiantech.com) looks for the "hippus
>movement"-the constant shifting and pulse that takes place in the
>eye. The liveness test ensures that the reading is fresh, so an
>adversary can't replay a previously recorded reading. ...

It seems that this situation is true only if you can trust the device
reading the biometric data.  In the case of an ATM, or a building entry
system, this trust is reasonable.


>Testing liveness is reasonably straightforward if the biometrics
>reader senses appropriate characteristics and is tightly coupled with
>the validation process and database of biometric prints. If the
>reader is remote from the validation process and database, encryption
>can be used to provide a secure path connecting the components. The
>encryption system, obviously, should protect against replays.

However, encryption will buy you nothing if the biometric reading device is
compromised or faked.  If an attacker can take the freshness challenge from
the other end of the connection, along with your public biometric data (say
an iris pattern), then it can simulate an uncompromised device in
responding with your "credentials".

Now there may be enough physical security in many places to be able to
place reasonable trust in the devices which are installed there.  However,
it strains my belief that we will be able to trust the devices in every
Internet Cafe in the world.

>Encryption can also be used to pass credentials from one system to
>another. For example, once my smart card validates my fingerprint, it
>may use a private signature key on the card to authenticate me to
>services that use my public key for authentication.

Unless your smart card has a fingerprint reader, it must trust the
fingerprint reader it uses.  An attacker can feed your smart card your public
fingerprint data, responding to any freshness challenge your card may use,
and get your card to authenticate someone else as you.  It seems to me in
this scheme, you must protect your smart card in much the same manner as
you protect your credit cards.  (Note that the smart card scheme is better
than the credit card because the secret data is not transmitted over a
network like the credit card number.  Modulo breaking the smart card
protection, an attacker will need physical access to the card.)

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | The principal effect of| Periwinkle -- Consulting
(408)356-8506         | DMCA/SDMI is to prevent| 16345 Englewood Ave.
frantz at pwpconsult.com | fair use.              | Los Gatos, CA 95032, USA





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
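
The point argued in the message above, as an added example that is not part of the original post: a freshness challenge rejects a replayed reading, but it does not show that the reply came from a trusted reader. The `Verifier` class, the device key, the HMAC binding and the endpoint functions are assumptions made for illustration, and the template is constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample data. The template is treated as public, as the post assumes.
ENROLLED_TEMPLATE = b"constructed-iris-template"
DEVICE_KEY = secrets.token_bytes(32)  # hypothetical key sealed inside a trusted reader


class Verifier:
    """Remote validation process issuing single-use freshness challenges."""

    def __init__(self, device_key=None):
        self.device_key = device_key  # None models "freshness challenge only"
        self.outstanding = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce, template, tag=None):
        if nonce not in self.outstanding:
            return False  # stale or replayed reading
        self.outstanding.discard(nonce)
        if not hmac.compare_digest(template, ENROLLED_TEMPLATE):
            return False
        if self.device_key is None:
            return True  # nothing ties the reply to a real reader
        expected = hmac.new(self.device_key, nonce + template, hashlib.sha256).digest()
        return tag is not None and hmac.compare_digest(tag, expected)


def trusted_reader(nonce):
    """Reader that sensed a live eye and holds the device key."""
    tag = hmac.new(DEVICE_KEY, nonce + ENROLLED_TEMPLATE, hashlib.sha256).digest()
    return ENROLLED_TEMPLATE, tag


def keyless_endpoint(nonce):
    """Endpoint holding only the challenge and the public template."""
    return ENROLLED_TEMPLATE, None


def attempt(verifier, endpoint):
    nonce = verifier.challenge()
    template, tag = endpoint(nonce)
    return verifier.verify(nonce, template, tag)
```

A reader whose key has been extracted behaves exactly like `trusted_reader` here, so the device key only moves the question to the physical security of the reader.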



