Forwarded From: andrewat_private (Andrew McNaughton)

>Forwarded From: Felix von Leitner <leitnerat_private-berlin.de>
>> Forwarded From: Andrew McNaughton <andrewat_private>
>>
>> A question I've been trying to answer is whether anyone's come up with a
>> biometric which is sufficiently discrete to be put through a cryptographic
>> hash.
>
>You don't want to do that, because biometrics is always a statistical
>process. You take a picture (and lose information due to aliasing and
>small resolution). You then run a digital filter on the picture (and
>do some statistical process that loses even more information). In the
>end, you get some extracted details that you try to match to the picture
>in the database. Now, the weather might have changed, the lighting has
>changed.

Iris scans have (according to Iriscan's pages anyway) enough information
in them that one could afford to lose a high proportion of it and still
easily avoid false positives. False negatives are more of a problem due
to various factors as mentioned by you and Gene Spafford.

>What is the guy trying to achieve? That you can do a fast database
>lookup? Database access is not an issue with current systems. That you
>have a hash so you can't impersonate someone? The iris picture _is_ a
>hash from the picture, albeit a very specialized one.

The goal I have in mind is to produce a code which can be used to verify
identity, but cannot be linked with another database.

>At any rate, even if we used a hash, the biometric device would still
>have the original picture before taking the hash and could store it in a
>database. You can't really do anything against that.

True up to a point. Try this scenario:

The reader displays a database specific code to the scanned person on a
panel (human readable text naming the database), which would be combined
with the iris image and a secret key as well, known to the database
system, and provided to the reader.
The bundle then gets hashed to produce a code which is then passed out
of the reader to whatever system lies beyond, and stored in the database.

Supposing that this arrangement were required by law, it being a crime
to possess raw biometric identification data outside of a licensed
device. Of course illegal devices would come about, and collect images
which could be used to fool the system (assuming a suitably responsive
image of an eye could be presented). A camera mounted in the street
could probably collect the data to crack accounts at every ATM in the
vicinity. Identity theft would not be impossible, though it would be a
great deal more difficult than with Social Security Numbers.

What would be achieved though is a system whereby users can identify
themselves, without providing a key to link databases collected for
separate purposes. It's more a question of controlling the actions of
businesses and government departments who run the databases rather than
thwarting criminals.

>The biometrics stuff works like that:
>
> - you take a series of pictures of the eye
> - you apply adaptive wavelet transforms
> - you do some reduction and get a 1600 bytes data block
> - you require the user to present his smart card
> - the smart card reveals another 1600 bytes
> - the ATM compares these 1600 byte hashes

The stuff I looked at at www.iriscan.com suggests that their final
comparison is just a count of the number of bits in the data block that
don't match.

The technical problem is to produce a code which is comparable after a
cryptographically secure hash. I'm not a cryptographer, but I suspect
that this is awkward. Perhaps the database and secret keys could be
rolled into the iris image or the wavelet transform process?

>Problems are:
>
> - you have to take a series of pictures to make sure the eye is still
>   moving (that is, not dead). This can unfortunately still be faked
>   with electric impulses on a dead eye.
> - you have to make sure that nobody can fabricate a smart card for a
>   person except you. This is not trivial and will probably be done
>   with second level security (high civil charges for misuse,
>   additional security cameras, ...)
> - someone could fake the iris image by basically replaying a video
>   tape with a special monitor before the camera.
>   I heard that the IBM system is vulnerable to this attack.

Iriscan use light response to avoid replay attacks. I imagine it could
be fooled by a system which doctored the images in response.

In a way, using biometrics is a bit like a password system where people
walk around with their passwords tattooed on their foreheads for all to
see. What security exists in it is somewhat akin to the difficulty of
forging a banknote.

>That's why institutions like nuclear power plants use more than one
>camera at different angles and combine iris biometrics with face
>biometrics and speech biometrics. BTW: speech biometrics is not
>vulnerable to replay attacks. Current systems tell you what you should
>say and then use speech recognition to see if you really said what you
>were supposed to say. Finally, it detects patterns in your speech and
>checks them against the database.

It's still a race between the identification system and the speech
synthesiser. No doubt it works, but if the attacker knows enough about
what the recognising system is looking for, the necessary features can
presumably be laid over the top of someone else's voice.

>> http://www.biometrics.org/examples.html lists dozens of biometrics systems
>> with links. The rest of the site also has some interesting stuff (This is
>> the Biometrics Consortium, which Wired pick as probably becoming a
>> regulatory body in the area at some stage).
>
>Huh? "Wired" picks them? Since when does Wired pick regulatory
>bodies?! This is like letting USA Today choose the president!

Yeah, yeah. I don't know Wired's source, but it seems sufficiently
plausible to pass on.
This paragraph was snipped out of something passed to a journalist.
Saying it's from other reporters means it needs to be verified before it
can be used as opposed to being something I have gotten from source and
paraphrased myself.

Andrew McNaughton

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Andrew McNaughton           =    ++64 4 389 6891
Any sufficiently advanced   =    andrewat_private
bug is indistinguishable    =    http://www.squiz.co.nz
from a feature.             =    http://www.newsroom.co.nz
-- Rich Kulawiec            =

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
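
The technical problem raised in the message above (a bit-count comparison does not survive a cryptographic hash), shown as an added example that is not part of the original thread. A constructed random 1600-byte block stands in for an iris code; HMAC-SHA256, the database names, the key values and the 5% re-scan noise rate are all assumptions.

```python
import hashlib
import hmac
import random

TEMPLATE_BYTES = 1600  # block size quoted in the thread


def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of differing bits between two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return diff / (8 * len(a))


def noisy_reading(template: bytes, flip_rate: float, rng: random.Random) -> bytes:
    """Simulate a re-scan: flip each bit independently with probability flip_rate."""
    out = bytearray(template)
    for i in range(len(out) * 8):
        if rng.random() < flip_rate:
            out[i // 8] ^= 1 << (i % 8)
    return bytes(out)


def database_code(db_name: str, db_key: bytes, template: bytes) -> bytes:
    """Keyed hash over database name + template (HMAC-SHA256 is an assumption)."""
    msg = len(db_name).to_bytes(2, "big") + db_name.encode() + template
    return hmac.new(db_key, msg, hashlib.sha256).digest()


def demo(seed: int = 1) -> dict:
    rng = random.Random(seed)
    # Constructed stand-in for an enrolled iris code, plus a noisy re-scan of it.
    enrolled = bytes(rng.getrandbits(8) for _ in range(TEMPLATE_BYTES))
    rescan = noisy_reading(enrolled, 0.05, rng)
    bank = database_code("bank", b"bank-secret", enrolled)
    bank_rescan = database_code("bank", b"bank-secret", rescan)
    clinic = database_code("clinic", b"clinic-secret", enrolled)
    return {
        "raw_distance": hamming_fraction(enrolled, rescan),      # small: a match
        "hashed_distance": hamming_fraction(bank, bank_rescan),  # ~0.5: match lost
        "same_scan_reproducible": bank == database_code("bank", b"bank-secret", enrolled),
        "cross_db_distance": hamming_fraction(bank, clinic),     # ~0.5: unlinkable
    }


if __name__ == "__main__":
    print(demo())
```

The per-database codes are unlinkable, but only a bit-identical scan reproduces the same code; a re-scan a few percent of bits away lands about as far from the enrolled code as an unrelated value does.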
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:52:40 PDT