biometrics

Perry E. Metzger perry at wasabisystems.com
Sat Jan 26 15:55:48 EST 2002


"cryptography at summitsecurity.org" <cryptography at summitsecurity.org> writes:
> Not wanting to have extended contest over this,

I'm afraid I'm not letting it drop.

> but all these absolutes in
> the comments are just too simplistic. Devices can be made as
> tamper-resistant as the threat- and value-model required.

No, they can't. That's an engineering hope, not an engineering
reality. The hope you're expressing is that "well, maybe we can't make
it impossible to break this design, but we can make it cost more to
break the system than breaking it will bring the bad guy, and we can
do that without said tamper-resistance costing us more than we can
afford."

This is a seductive idea since it is an exact analog of the usual
"make it economically infeasible to break the key" arguments one hears
in crypto, but there is a big difference -- the very, very big
assumption that this can be done.

In crypto, it is easy -- you're making an exponential tradeoff between
key length and cracking time -- simplistically, there are situations
where adding bits to a key makes it exponentially harder to brute
force break while often only linearly or at most polynomially more
expensive to use, so you can trade off breaking expense against usage
expense very easily.

However, in biometrics, the assumption that you can just make it
"economically infeasible to break" at low cost is an assumption
that is, generally, horribly wrong. Adding another two mm of steel to
the casing around the camera doesn't make it appreciably more
tamperproof, and neither does coating the camera in epoxy no matter
how neat it is to show the investors.

We certainly would *wish* it to be the case that simple measures would
make it exponentially harder to break biometric sensors, but wishing
doesn't make engineering come true. Just because we would like there
to be such designs doesn't mean they exist, and sadly they don't.

> I have worked a lot with zeroizing devices.  It's really No Big
> Deal.  Smartcards are tamper PROTECTED.

Such tamper protections fairly consistently fail. I'm unaware of any
smart card system that has survived a serious assault. As for costs,
the smart card hacks of the last few years tend to indicate that smart
cards are pretty cheap to hack, too.

> A ccd retinal scanner can include cryptographic protections onchip.

I have yet to see a biometric scanner that would be difficult to hack,
and I have very few ideas on how you could make it hard to
hack. Putting "cryptographic protections onchip[sic]" sounds like a
lovely idea, except it is both meaningless and useless -- meaningless
because we've seen over and over again that you can inexpensively
force devices to disgorge keys with fairly standard laboratory
equipment, useless because you can simply feed the sensors what they
want to hear since they are of necessity dependent on what the outside
world is telling them. I have yet to observe a way to public key
encrypt photons your light source shines out so you can be sure
they're not tampered with before they return from an iris.

> C'mon, depending on "is-ness" is exactly the same cat-and-mouse game
> as authentication technologies that depend on "have-ness" and
> "know-ness" attributes.

I have no idea what the heck you're talking about there. Perhaps you
do, perhaps not.

> All have strengths and weaknesses.

The "economically unfeasible to break" argument is a HOPE, not an
objective reality. You can HOPE your system costs too much to break,
but most of the time our evidence is that you simply haven't been
around a sufficiently clever attacker during your design phase, and it
only takes one sufficiently clever attacker mentioning how to do it
for your system to fall.

Biometrics are not a reasonable way to defend financial systems or
other systems where costs of security failure are high unless said
biometrics are under physical control. If your retinal scanner is sent
off site, you have no way to know what it is telling you has any
connection with reality thereafter.

> A PROPERLY DESIGNED system provides a level of assurance commensurate with
> the value and threat models -

No, you HOPE that it is possible to design systems that can, without
excess expense, achieve any given level of assurance against
tampering, but the world has yet to back up this idea, any more than
the world has been able to produce magically copy protected software
or music, or magically secure operating systems, or other forms of
magic people are constantly swindled on.

Just because sometimes engineering gets nice clean tradeoffs (like in
key length) doesn't mean it always gets them. You just wish it
did. Wishing doesn't make it true.

> That is all most certainly achievable, to essentially any desirable
> assurance level, modulo some dollar amount.  Anyone claiming
> otherwise is simply wrong  :)

I suppose I'm simply wrong then, so would you be so kind as to
tell me where I can buy the magic iris scanner that I can't break into
with a little work in a reasonably equipped lab? I'd also like to know
where to find the smart cards that haven't fallen to quite inexpensive
assaults, since I'm unaware of them either.

Biometrics is all about convenience, and the silly thing about all of
it is not only doesn't it work, it doesn't in practice add
convenience, either. They are, however, a wonderful way for people to
try to sell their systems as cool and high tech, so we unfortunately
see the idea disinterred from its grave over and over.

--
Perry E. Metzger		perry at wasabisystems.com
--
NetBSD Development, Support & CDs. http://www.wasabisystems.com/



---------------------------------------------------------------------
The Cryptography Mailing List