Using biometrics is not a new idea, nor is using the data captured by a biometric device as a unique cryptographic key. The real issue with biometrics as keys is that they can be faked about as easily as a password. Cappelli et al. show that both capacitive and optical scanners are marginal at best at telling an impostor from the genuine fingerprint.[CP] Sten et al. go further and describe several standard methods, using household items, that fool a fingerprint scanner: casting a gelatin mould of a latent print left on the laptop case itself, or simply breathing on the scanner to reveal the oily residue of the previous scan, lifting that print with common forensic techniques and reproducing it in a usable medium; silicone sealant works well for this, as do tape and pencil graphite.[SA]
Poorly written spy thrillers and action films would have us believe that a severed finger or a gouged-out eye can fool even the world's best biometric systems. The truth is that a severed finger would fool most fingerprint scanners, whereas we may assume that the deformation of an eye, given the severe trauma of removing it from its socket, would alter the iris and retina characteristics those scanners read beyond acceptable norms. However, with medical images available on health networks, an advanced persistent threat that chose to could recreate the eye, including the iris, using modern 3D printing techniques and the available data on the person in question, and ensure it meets the optical characteristics required to pass authentication. Since we are considering only a general logon and authentication to a workstation, we can limit the discussion to fingerprint scanners, as they are the most popular and least expensive option.
Authentication can be augmented with biometrics, but they only raise the level of effort and skill a persistent threat needs to circumvent the system's logon process. Identity-based crypto-systems simply combine biometrics with tokens and passwords. Strong authentication, as defined by RSA [RSA], Tipton [THF] and others, involves the use of any two of the following three factors:
- something known (i.e. a password)
- something possessed (a token, smart card or standard ID card)
- something unique (fingerprint, iris, face, retina, hand geometry, vascular structure of the hand or arm, typing rhythm and pattern, voice)
Considering the recent breaches at both RSA and Lockheed Martin, we should reconsider any and all authentication systems to require all three of the above, and define that as "Very Strong" authentication.
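To make the factor categories concrete, here is a small Python model of the logon described above. It is an added example and is not code from this post or from any vendor named in it. It assumes a PBKDF2-hashed password for the known factor, an RFC 6238 TOTP token for the possessed factor, and a deliberately simplified minutiae matcher standing in for a real fingerprint matcher; the enrolled record and both fingerprint samples are constructed for the example. Requiring two distinct categories is strong authentication in the RSA/Tipton sense; requiring all three is the "very strong" authentication proposed here. The policy counts categories, not credentials, so two passwords still prove only "something known".

```python
"""Toy three-factor logon: something known, something possessed, something
unique.  Added example for this post, not code from the post or any vendor.
The minutiae matcher is a constructed stand-in for a real fingerprint matcher."""
import hashlib
import hmac
import math
import struct

KNOWN, POSSESSED, UNIQUE = "known", "possessed", "unique"
PBKDF2_ROUNDS = 100_000

# --- something known: salted PBKDF2 password record ----------------------
def make_password_record(password, salt=b"constructed-salt"):
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest}

def verify_password(record, presented):
    digest = hashlib.pbkdf2_hmac("sha256", presented.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["digest"])

# --- something possessed: RFC 6238 TOTP code from a token -----------------
def totp(secret, unix_time, step=30, digits=6):
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def verify_totp(secret, code, unix_time, skew_steps=1, step=30):
    # Accept the current step plus/minus skew_steps to tolerate clock drift.
    return any(hmac.compare_digest(totp(secret, unix_time + d * step, step), code)
               for d in range(-skew_steps, skew_steps + 1))

# --- something unique: toy minutiae matcher ------------------------------
def fingerprint_score(template, sample, tolerance=4.0):
    """Fraction of template minutiae (x, y) with a sample minutia within
    `tolerance` pixels.  Real matchers also use ridge angle and alignment."""
    if not template:
        return 0.0
    hits = sum(1 for tx, ty in template
               if any(math.hypot(tx - sx, ty - sy) <= tolerance for sx, sy in sample))
    return hits / len(template)

def verify_fingerprint(template, sample, threshold=0.8):
    # The threshold is the false-accept / false-reject trade-off: lower it
    # and a mediocre mould passes more easily.
    return fingerprint_score(template, sample) >= threshold

# --- policy: count distinct factor categories, not presented credentials --
def satisfied_factors(enrolled, evidence, now):
    """Return the set of factor categories the evidence proves.  Each
    category is counted once, however many credentials of that kind are shown."""
    got = set()
    if "password" in evidence and verify_password(enrolled["password"], evidence["password"]):
        got.add(KNOWN)
    if "totp" in evidence and verify_totp(enrolled["totp_secret"], evidence["totp"], now):
        got.add(POSSESSED)
    if "fingerprint" in evidence and verify_fingerprint(enrolled["fingerprint"], evidence["fingerprint"]):
        got.add(UNIQUE)
    return got

def authenticate(enrolled, evidence, now, required_factors=2):
    """required_factors=2 is 'strong' (RSA/Tipton); 3 is 'very strong'."""
    return len(satisfied_factors(enrolled, evidence, now)) >= required_factors

# --- constructed enrolment and samples -----------------------------------
ENROLLED_TEMPLATE = [(10, 12), (40, 33), (25, 70), (60, 80), (75, 20)]
LIVE_SAMPLE = [(11, 13), (39, 34), (26, 69), (61, 82), (74, 21)]   # same finger, jittered
SPOOF_SAMPLE = [(5, 5), (50, 50), (90, 90)]                         # wrong finger / poor mould
TOTP_SECRET = b"12345678901234567890"                               # RFC 6238 test-vector secret
ENROLLED = {
    "password": make_password_record("correct horse battery staple"),
    "totp_secret": TOTP_SECRET,
    "fingerprint": ENROLLED_TEMPLATE,
}

def demo(now=59):
    """Run the logon attempts discussed in the text; returns a dict of outcomes."""
    code = totp(TOTP_SECRET, now)
    full = {"password": "correct horse battery staple", "totp": code, "fingerprint": LIVE_SAMPLE}
    no_token = {"password": "correct horse battery staple", "fingerprint": LIVE_SAMPLE}
    return {
        "three_factor_ok": authenticate(ENROLLED, full, now, 3),
        "strong_ok_without_token": authenticate(ENROLLED, no_token, now, 2),
        "very_strong_fails_without_token": not authenticate(ENROLLED, no_token, now, 3),
        "poor_mould_alone_rejected": not authenticate(ENROLLED, {"fingerprint": SPOOF_SAMPLE}, now, 1),
        "good_mould_alone_passes_single_factor": authenticate(ENROLLED, {"fingerprint": LIVE_SAMPLE}, now, 1),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The last two results in `demo()` are the point of the post: a gelatin or silicone mould good enough to reproduce the lifted minutiae passes a fingerprint-only logon outright, while the same mould gets nowhere against a policy that also demands the password and the token.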
So we can use biometrics to log on to a device of relatively low sensitivity, but, as the saying goes, security measures should always be commensurate with asset value. If an identity-based crypto-system is implemented to secure sensitive assets, we should use three-factor authentication on that system, place it behind a man-trap that itself requires three-factor authentication, and ensure the system has no connection whatsoever to the Internet.
As new methods of identifying people evolve, the cost of implementing them falls, which benefits the industry: most if not all new laptops now ship with a fingerprint reader as a standard option. Many software applications can tie into this reader because it uses a standardized interface, just as a mouse or keyboard does. Because of the inherent weaknesses of the technology, however, we should rely on the fingerprint only as one of three factors when granting access to sensitive information or a sensitive system. Hybrid systems such as those from Autenticka and other providers considerably increase the difficulty of circumventing a system's authentication mechanisms.
Even with three-factor authentication we have not considered authentication under duress, i.e. someone holding a gun to your back and forcing you to log on to a system, which in cases of industrial espionage probably happens more often than any company would like to admit. Nor have we considered fraud: as the system itself becomes harder to exploit, the people behind it often become the target.
In summary: we will always require a password; we may use biometrics to augment authentication to a given crypto-system or console, but to rely solely upon them is to invite moral hazard.
[CP] Cappelli, Raffaele; Maio, Dario; Maltoni, Davide; Wayman, James L.; Jain, Anil K. (2006) Performance evaluation of fingerprint verification systems. IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 28, No. 1, January 2006. [Online] PDF document, available from: http://www.computer.org/portal/web/csdl/doi/10.1109/TPAMI.2006.20 (accessed 1 June 2011)
[SA] Sten, Antti; Kaseva, Antti; Virtanen, Teemupekka (2003) Fooling Fingerprint Scanners: Biometric Vulnerabilities of the Precise Biometrics 100 SC Scanner. Helsinki University of Technology.
[RSA] RSA (2011) Strong Authentication. [Online] Available from: http://www.rsa.com/glossary/default.asp?id=1080 (accessed 1 June 2011)
[THF] Tipton, Harold F. (2010) Official Guide to the CISSP CBK, 2nd ed. CRC Press, Taylor and Francis. ISBN 978-1-4398-0959-4