Re: [ISN] Are Biometrics Hashable?

From: mea culpa (jerichoat_private)
Date: Tue May 12 1998 - 01:13:13 PDT


    Reply From: Felix von Leitner <leitnerat_private-berlin.de>
    Reply To: andrewat_private
    
    > >What is the guy trying to achieve?  That you can do a fast database
    > >lookup?  Database access is not an issue with current systems.  That you
    > >have a hash so you can't impersonate someone?  The iris picture _is_ a
    > >hash from the picture, albeit a very specialized one.
    > The goal I have in mind is to produce a code which can be used to verify
    > identity, but cannot be linked with another database.
    
    Forget about that.
    The device takes a picture of you.  Whatever steps your protocol
    requires after it, the machine could still be a trojan that does bad
    things with the pictures.
    
    > The reader displays a database specific code to the scanned person on
    > a panel (human readable text naming the database), which would be
    > combined with the iris image and a secret key as well, known to the
    > database system, and provided to the reader.
    
    So who combines it?
    The person?  Then it's not biometric but token based.
    The machine?  Then it can be subverted by a trojan machine.
    
    > The bundle then gets hashed to produce a code which is then passed out
    > of the reader to whatever system lies beyond, and stored in the
    > database.
    
    So you still have to trust the reader.
    If we logically separate the reader from the ATM, we only have to trust
    one part of the whole, but we still have to trust a machine not to do
    illicit stuff with the pictures.
    
    > Supposing that this arrangement were required by law, it being a crime to
    > possess raw biometric identification data outside of a licensed device.
    
    Bah!
    Second level security!
    The whole point about biometrics is that we no longer need the law
    because it's technically sound.  If we could rely on the law, we didn't
    need any authentication system, just make it illegal to take more money
    than you should.
    
    > Of course illegal devices would come about, and collect images which
    > could be used to fool the system (assuming a suitably responsive image
    > of an eye could be presented).  A camera mounted in the street could
    > probably collect the data to crack accounts at every ATM in the
    > vicinity.  Identity theft would not be impossible, though it would be
    > a great deal more difficult than with Social Security Numbers.
    
    The goal is to have a secure method, not to have a less insecure method.
    
    > What would be achieved though is a system whereby users can identify
    > themselves, without providing a key to link databases collected for
    > separate purposes.
    
    Of course you still provide that key, you only provide it to someone
    else.
    
    > It's more a question of controlling the actions of businesses and
    > government departments who run the databases rather than thwarting
    > criminals.
    
    If the NSA wants to subvert your ATM, it still can.
    
    > The stuff I looked at at www.iriscan.com suggests that their final
    > comparison is just a count of the number of bits in the data block that
    > don't match.  The technical problem is to produce a code which is
    > comparable after a cryptographically secure hash.
    
    Of course you can still compare the data, but not on similarity.
    If a cryptographic method still allows similarity analyses, it is
    susceptible to so-called differential cryptanalysis, that is, it's
    insecure.
    
    > I'm not a cryptographer, but I suspect that this is awkward.
    
    It is impossible.
    Plus, it doesn't make any difference.
    
    > Perhaps the database and secret keys could be rolled into the iris
    > image or the wavelet transform process?
    
    It is still done by a machine you'd have to trust.
    The point is: no matter what part of the machine does the cryptography,
    you still have to trust it.
    
    And the NSA is now routinely eavesdropping on the Internet and sold
    crypto-devices with back doors to Iraq and other nations (via a Swiss
    company that belonged to the German secret service).  Things like
    getting trojan devices installed are commonplace with the NSA and other
    secret services.  It's their daily business.
    
    > It's still a race between the identification system and the speech
    > synthesiser.  No doubt it works, but if the attacker knows enough about
    > what the recognising system is looking for, the necessary features can
    > presumably be laid over the top of someone else's voice.
    
    If you can demonstrate that, you will become rich and famous.
    And you will receive a life-long position at the secret service.
    
    Felix
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
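
Added example, not part of the original message: a Python sketch of the technical point argued in the thread, that a count of mismatching bits works on raw iris codes but carries no similarity information once the code has been bundled with a database name and secret key and hashed. The 2048-bit template size, the 40-bit noise level, the database names and keys, and the choice of HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib
import hmac
import random

CODE_BITS = 2048  # assumed template length for this sketch


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits: the raw-template comparison quoted in the thread."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bits(code: bytes, n: int, rng: random.Random) -> bytes:
    """Simulate sensor noise between two scans by flipping n distinct bits."""
    out = bytearray(code)
    for pos in rng.sample(range(len(code) * 8), n):
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)


def database_code(template: bytes, db_name: str, db_key: bytes) -> bytes:
    """The proposal: hash the template together with a database name and key."""
    msg = db_name.encode() + b"\x00" + template
    return hmac.new(db_key, msg, hashlib.sha256).digest()


def demo(seed: int = 1998) -> dict:
    rng = random.Random(seed)  # constructed sample data, not real iris codes
    enrolled = bytes(rng.getrandbits(8) for _ in range(CODE_BITS // 8))
    same_eye = flip_bits(enrolled, 40, rng)  # second scan of the same eye
    other_eye = bytes(rng.getrandbits(8) for _ in range(CODE_BITS // 8))
    key_a, key_b = b"constructed-key-A", b"constructed-key-B"

    def code_a(t: bytes) -> bytes:
        return database_code(t, "bank-A", key_a)

    return {
        # Raw codes: same eye is close, a different eye is about half the bits away.
        "raw_same": hamming(enrolled, same_eye),
        "raw_other": hamming(enrolled, other_eye),
        # Hashed codes: both cases land near half of the 256 digest bits,
        # so a mismatch-count threshold can no longer tell them apart.
        "hashed_same": hamming(code_a(enrolled), code_a(same_eye)),
        "hashed_other": hamming(code_a(enrolled), code_a(other_eye)),
        # Only bit-identical input reproduces the stored code.
        "exact_match": hmac.compare_digest(code_a(enrolled), code_a(enrolled)),
        # The same template yields unrelated codes in two databases.
        "cross_db_equal": code_a(enrolled) == database_code(enrolled, "clinic-B", key_b),
    }


if __name__ == "__main__":
    print(demo())
```
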
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:52:53 PDT