biometrics

lynn.wheeler at firstdata.com lynn.wheeler at firstdata.com
Tue Jan 29 19:39:44 EST 2002


being able to trust the hardware token and the entering of the data ... in
the secret, but non-shared secret paradigm ... can apply equally to
pin/password and biometric (i.e. the information is only communicated
between the person and their hardware token with no eavesdropping) ... aka
to some extent "something you know" and "something you are" can have
effectively similar handling and requirements as long as the paradigm is
the same .... aka "shared-secret" paradigm and "secret" paradigm.

both "something you know" and "something you are" have various "leakage"
scenarios.

there have been a number of "leakage" scenarios recently in the press with
regard to magstripe debit cards where both the magstripe contents and the
pin both leak (and subject to harvesting in quantity).
The issue with magstripe is that techniques are fairly readily available to
produce counterfeit magstripe cards (defeating the "something you have")
and those techniques harvest both the magstripe and the PIN at the same
time (also defeating the "something you know").

Going to a chip card, much more difficult to counterfeit, would inhibit a lot
of the huge fraud ROI .... reducing it much more to stealing individual
cards (defeating "something you have" becomes significantly more difficult
than some of the current compromises involved in recording magstripe info &
making a counterfeit card).

A question then is: is it harder to defeat "something you are" by lifting a
fingerprint off a stolen card ... than it is to defeat "something you know"
by reading the PIN written on a stolen card?

If you choose a finger that has low probability to be involved in handling
the card .... then there is much lower probability that "something you are"
is defeated by lifting a fingerprint off of the stolen card (and using it).

If you have a single card that is used for all your authentication events
and there is the same PIN/password ... and there are no other PIN/passwords
in your life ... it would also increase the probability that you would
remember it w/o forgetting (and feel the need to write it on the card).

frantz at pwpconsult.com on 1/29/2002 2:14 pm wrote:

Or to state it another way.  These cards attempt to use two factor
authentication, what you have (the card) and what you know (the PIN).  When
a user writes the PIN on the card, it becomes one factor authentication.
Almost anything that returns it to being two factor security would be an
improvement.  (Biometrics offers the possibility of 3 factor
authentication.)

What would be really nice is to be able to have the same PIN/password for
everything.  With frequent use, forgetting it would be less of a problem,
as would the temptation to write it down.  However, such a system would
require that the PIN/password be kept secret from the verifier (including
possibly untrusted hardware/software used to enter it).

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | The principal effect of| Periwinkle -- Consulting
(408)356-8506         | DMCA/SDMI is to prevent| 16345 Englewood Ave.
frantz at pwpconsult.com | fair use.              | Los Gatos, CA 95032, USA
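As an added illustration of the distinction both messages draw (constructed example code, not from either author or the list): under the "shared-secret" paradigm the verifier stores the PIN the user sends it, so a breach of the verifier harvests PINs in quantity; under the "secret" paradigm the PIN is checked only inside a hardware token, which answers the verifier's challenge with a signature, so the verifier holds nothing that reveals the PIN. The token, verifiers, user name and PIN are assumptions. The signature is a Lamport one-time scheme, chosen here only because it needs nothing beyond a hash function; a real chip card would use a conventional public-key algorithm with a reusable key.

```python
import hashlib
import hmac
import secrets


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(data: bytes) -> list:
    """256 bits of SHA-256(data), MSB first; each bit selects one Lamport preimage."""
    return [(byte >> (7 - i)) & 1 for byte in h(data) for i in range(8)]


# ---- shared-secret paradigm: the PIN travels to, and is stored by, the verifier ----
class SharedSecretVerifier:
    def __init__(self):
        self.pins = {}  # user -> PIN; a breach here leaks every enrolled PIN

    def enroll(self, user: str, pin: str) -> None:
        self.pins[user] = pin

    def verify(self, user: str, pin_sent_over_wire: str) -> bool:
        return hmac.compare_digest(self.pins.get(user, ""), pin_sent_over_wire)


# ---- secret paradigm: the PIN is only ever checked inside the hardware token ----
class HardwareToken:
    PIN_ITERATIONS = 50_000  # PBKDF2 work factor for the locally stored PIN digest

    def __init__(self, pin: str):
        self._salt = secrets.token_bytes(16)
        self._pin_digest = self._derive(pin)
        # Lamport one-time signing key: 256 pairs of random 32-byte preimages.
        self._sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
        # The only thing that leaves the token at enrollment: hashes of those preimages.
        self.public_key = [(h(a), h(b)) for a, b in self._sk]
        self._used = False  # Lamport keys are one-time; a real token would rotate keys

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, self.PIN_ITERATIONS)

    def sign_challenge(self, entered_pin: str, challenge: bytes):
        """The entered PIN unlocks the key locally; the output reveals nothing about the PIN."""
        if self._used or not hmac.compare_digest(self._derive(entered_pin), self._pin_digest):
            return None
        self._used = True
        # Reveal, for each challenge bit, the preimage on that side of the pair.
        return [self._sk[i][bit] for i, bit in enumerate(digest_bits(challenge))]


class PublicKeyVerifier:
    def __init__(self):
        self.public_keys = {}  # user -> public hashes only; nothing here unlocks a token
        self.pending = {}      # user -> outstanding challenge

    def enroll(self, user: str, public_key) -> None:
        self.public_keys[user] = public_key

    def challenge(self, user: str) -> bytes:
        self.pending[user] = secrets.token_bytes(32)
        return self.pending[user]

    def verify(self, user: str, signature) -> bool:
        challenge = self.pending.pop(user, None)  # each challenge is single-use
        pk = self.public_keys.get(user)
        if challenge is None or pk is None or signature is None or len(signature) != 256:
            return False
        return all(
            hmac.compare_digest(h(preimage), pk[i][bit])
            for i, (preimage, bit) in enumerate(zip(signature, digest_bits(challenge)))
        )


def run_demo() -> dict:
    """Exercise both paradigms with a constructed user and PIN."""
    user, pin = "alice", "1234"  # constructed sample values

    shared = SharedSecretVerifier()
    shared.enroll(user, pin)
    token = HardwareToken(pin)
    pk_verifier = PublicKeyVerifier()
    pk_verifier.enroll(user, token.public_key)

    results = {
        "shared_accepts_pin": shared.verify(user, pin),
        "shared_breach_reveals": dict(shared.pins),  # what a dump of the verifier DB contains
    }
    # Wrong PIN: the token refuses to sign, and nothing about the PIN reached the verifier.
    results["token_wrong_pin_signs"] = token.sign_challenge("0000", pk_verifier.challenge(user)) is not None
    sig = token.sign_challenge(pin, pk_verifier.challenge(user))
    results["token_correct_pin_accepted"] = pk_verifier.verify(user, sig)
    # A captured signature is useless on the next round: the challenge has been consumed.
    results["replayed_signature_accepted"] = pk_verifier.verify(user, sig)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The point the run makes is that `shared.pins` holds every PIN in the clear for anyone who breaches the verifier, whereas `pk_verifier.public_keys` holds only hashes that cannot be used to impersonate a token or recover a PIN; the PIN check against a salted PBKDF2 digest happens entirely inside `HardwareToken`, which is the "secret, but non-shared secret" arrangement both messages describe.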

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com