biometrics

Bill Frantz frantz at pwpconsult.com
Wed Jan 30 20:25:51 EST 2002


At 5:13 AM -0800 1/30/02, <pasward at big.uwaterloo.ca> wrote:
>Bill Frantz writes:
> >
> > What would be really nice is to be able to have the same PIN/password for
> > everything.
>
>Do you really mean that?  Sure, if I only have to remember one thing
>it is easier for me.  It is also a complete nightmare if it is ever
>compromised.

It may be that we gain more from having this data not written down than we
lose from the "compromise one, compromise all" problem.  For things like
credit/debit/ATM cards, you probably don't increase the risk too much by
using the same PIN for all of them.  I admit that I use the same password
for all those web sites that simply must have a username and password for
their own reasons, and not to secure anything of mine.  For web sites like
Amazon that want to remember a credit card number for you, I generally
choose a password that even I can't remember (and paste it into both the
entry and verification windows).  This means I must set up a new account
for every purchase, but that doesn't happen very often.

I think Ben is thinking in the right direction when he writes:

>This is why you need to carry your verifying equipment around with you -
>a PDA with a decent OS is the way to go, IMO.

Let's assume a PDA/smart card with a fingerprint reader for the sake of
argument.  The device keeps one or more secret keys used to sign
challenges, and only signs them if the fingerprint has been recently
verified.  (Perhaps using the infrared link, you put it near the point of
sale computer or your web browsing computer.  The computer sends it the
challenge and an indication of which public key will be used to verify the
authorization.  The device shows you your name for the keypair being used,
and asks you to press the fingerprint reader to authorize (or click NO to
reject authorization).)

If we accept Dr. Denning's criterion that the biometric data must be
public, anyone who steals this device can, with enough work, fool it into
accepting a false fingerprint.  Even with this weakness, such a device is
more secure than the current credit card system.

If instead of using biometric identity, we use some kind of pass
phrase/PIN, we introduce the risk of shoulder surfing, and brute force
attacks against the hash(salt || PIN) stored in the device.

It may be easier to just extract the signing keys from the device rather
than perform the above attacks.  If we can build the device so it resists
attacks long enough for the user to notice that it is missing, and notify
the verifiers, then the above attacks become less of a problem.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | The principal effect of| Periwinkle -- Consulting
(408)356-8506         | DMCA/SDMI is to prevent| 16345 Englewood Ave.
frantz at pwpconsult.com | fair use.              | Los Gatos, CA 95032, USA





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
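
The exchange described in the message above, sketched in Go as an added example that is not part of the original post. Ed25519 as the signature scheme, the 30-second meaning of "recently", the keypair name, and revocation by deleting the public key on the verifier are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// Device models the PDA/smart card: named secret keys, usable only while a fingerprint check is fresh.
type Device struct {
	keys       map[string]ed25519.PrivateKey
	verifiedAt time.Time     // last successful fingerprint check
	window     time.Duration // how long "recently" lasts (assumed value)
}

// Verifier maps keypair names to public keys; reporting a lost device deletes its entry.
type Verifier map[string]ed25519.PublicKey

// NewPair enrolls one keypair and returns both sides of the exchange.
func NewPair(name string, window time.Duration) (*Device, Verifier) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &Device{keys: map[string]ed25519.PrivateKey{name: priv}, window: window}, Verifier{name: pub}
}

// Sign refuses unless the named key exists and the fingerprint was verified within the window.
func (d *Device) Sign(name string, challenge []byte, now time.Time) ([]byte, error) {
	key, ok := d.keys[name]
	if !ok || d.verifiedAt.IsZero() || now.Sub(d.verifiedAt) > d.window {
		return nil, fmt.Errorf("refused: unknown key %q or fingerprint not recent", name)
	}
	return ed25519.Sign(key, challenge), nil
}

// Check accepts only a signature over this exact challenge by a key still on file.
func (v Verifier) Check(name string, challenge, sig []byte) bool {
	pub, ok := v[name]
	return ok && ed25519.Verify(pub, challenge, sig)
}

func main() {
	d, v := NewPair("debit card", 30*time.Second)
	c := []byte("constructed challenge") // a real verifier sends fresh random bytes
	d.verifiedAt = time.Now()            // user presses the fingerprint reader
	sig, err := d.Sign("debit card", c, time.Now())
	fmt.Println(err, v.Check("debit card", c, sig))
}
```

Because the signature covers the verifier's challenge, a captured response is useless against a different challenge, and once the owner reports the device missing the verifier rejects even correctly signed responses.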