Levels of security according to the easiness to steel biometric data
Philipp Gühring
pg at futureware.at
Wed Apr 2 12:46:44 EDT 2008
Hi,
> QUESTION: Does anybody knows about the existence of a
> security research in area of grading the easiness to
> steel biometric data.
There are several relevant threats:
* Accidental leaking the biometric data (colour-photos for face, fingerprints
on glasses for fingers, public documents for human signature)
* Intentional stealing of biometric data (cellphone cameras, hidden
cameras, ...)
> For example, I guess that stealing information of
> someone's "face" is easier than stealing information
> about someone's "fingerprints",
Depends.
Stealing fingerprints is easy if you hand the target person a glass of water.
With "face" you have to differentiate between the different kinds of faces.
Taking colour photos of faces is easy. Taking infrared photos of faces, or
taking 3D scans of faces, ... is much harder.
> but stealing information about someone's "retina"
> would be much harder.
Yes, stealing retina is harder. (It's even harder in the normal usage ...)
> Such a scale can be useful in the design of secure
> protocols and secured information systems.
Yes. Choosing the right biometrics for the right application, implementing it
correctly and educating/training the users properly can be challenging.
But in the end, you can steal any biometric data if you really want to.
(Take a look at the film Gattaca to see how this can be done in practice.
I didn't noticed any technically really unrealistic things in the film
Gattaca.)
Another important question is whether you can apply a faked/copied biometric
at a certain place. It could be difficult to mount an attack with a full face
mask at a guarded entrypoint. But applying fake fingerprints is far less
noticable for guards.
(It might be easy to steal the face, but you can't apply it due to all entries
being guarded)
Tamper evidence, Tamper protection, Tamper proof, Tamper resistance ...
As usual, it depends on your threat-models, on your environment, on your
resources, on your enemies, ...
Best regards,
Philipp Gühring
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list