Date: Sun, 31 Jul 2016 00:45:52 +0200 From: "e@...tmx.net" <e@...tmx.net> To: passwords@...ts.openwall.com Subject: Biometrics? No, Thanx. It has become a dangerous fad to talk about biometrics as a replacement for the traditional authentication methods. It is often claimed that "passwords are losing battle to biometrics"... Despite the futility of the claim, I don't even need to dismiss it. There is one simple physical fact that renders this entire "battle" completely impossible. You can not transfer physical objects over a data network! For a thoughtful reader this statement is enough to abandon the biometric "authentication" attempts. But the market is not lead by thoughtful people, therefore I reiterate: A computer can not internalize your fingerprints. One interesting consequence of this simple fact is described in "Fingers vs Fingerprints", another one is that nobody except the fingerprints reading machine has actually witness your fingerprints. I generously assume that this hypothetical machine is capable of telling fake fingerprints and cut-off fingers from legitimate fingers naturally connected to a user's body. Just imagine a machine as perfect as your imagination allows -- this can not damage my point. My point is that this reading machine is the only actor that actually have your fingerprints seen. Therefore this machine itself is the source of your fingerprints authenticity. Therefore, in order to transfer this critical knowledge into your information system, you must authenticate the machine itself. An authentication conformation can not be obtained from a non-authentic source (I apologize for stating the obvious, but I had to mention it, because security experts could read this article, they could be confused otherwise). So, you did not replace the authentication procedure, you merely shifted it to the machine. What are the auth means available in the digital realm (machine-to-machine)? -- a knowledge claim, again, nothing else. Essentially, it is either a password, or an asymmetrical crypto key, either way it is a protected piece of information owned by (contained in) a client-side machine. This precious possession effectively adds all your fingerprint reading machines to the attack surface -- these machines now require special protection. To the possibility of faking fingerprints we now added a possibility of faking fingerprints reading results. Shall I mention that the keys could be leaked by the maintenance personnel? There is, however, an extremely secure and logically consistent way to relieve your fingerprint reading machines from their burden. You can delegate these keys to your legitimate users. A machine does not keep any keys at all -- in this case no amount of sophistry and hacking skills would help a random stranger to create a legitimate fingerprints image -- you can sell your machines on a free market as DIY kits... To further secure this scheme you can make the keys individual for each user, this will protect users from attacks created by other legitimate users. Of course, the users should generate their own keys on their own. And if you want to secure it all even further, you can introduce a password-based encryption of the keys. ...wait!.. why do we bother with those fingerprints then?
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ