home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
linuxmafia.com 2016
/
linuxmafia.com.tar
/
linuxmafia.com
/
pub
/
linux
/
security
/
biometrics
< prev
next >
Wrap
Text File
|
2000-10-12
|
4KB
|
76 lines
The Problem with Biometrics
Biometrics is a really cool technology: You're your own authentication
device. Your voiceprints, thumbprints, or retinal scan uniquely
identify you for access to controlled areas. The readers are even smart
enough to check finger and retina readings for your pulse. (There are
also iris scans, handwriting, signature geometry, typing patterns,
hand geometry, and others.)
Security experts get the warm-fuzzies from "what you are" (e.g.,
biometrics) being used for access authentication along with "what you
know" (password) and "what you have" (cardkeys). See my security article,
http://www.linuxworld.com/linuxworld/lw-2000-08/lw-08-expo00-hacking_p.html
So, biometrics is a good thing, it would seem.
But there are some small problems, and there is also one huge honking
problem. The small problems are generally a small incidence of false
negatives (when the system won't allow legit access). The system can be
adjusted to err either on the side of that or false positives. Not a
big problem.
The huge honking problem comes from the way eletronic records of your
biometrics must (necessarily) be handled: You do an electronic
thumbprint for Mr. Security Guy, who (let's say) works for Sonitrol.
Mr. Guy stores data on aspects of your thumbprint in a data file.
Later, the door-lock device measures your thumbprint, and lets you in
if it matches the thumbprint on file. Later, management can see exactly
who has entered and who hasn't (ignoring people who had doors held open
for them), at what times.
That's the theory, anyway. But let's suppose Mr. Guy has a hobby: He
collects thumbprint data files and misuses them in creative ways. Next
Friday night, there's a burglary from our labs, and the thumbprint
records say you entered there at 4 AM. You know you were home asleep.
But let's say you have an honest face, and avoid getting fired.
Sunday night, Tyan down the street has a similar burglary. Their outer
door was crowbarred open, but their biometrics records -- maintained by
Sonitrol, oddly enough -- seem to indicate a visit by you, at 10 PM.
Fremont police think you've started a second, nighttime career. In
fact, there are high-tech burglaries all over Warm Springs that evening:
Police figure you're not too bright, and tried your thumbprint at each
location before resorting to your crowbar. Maybe your honest face gets
you off; maybe not.
Next month, possibly after posting bail, you notice a new newgroup:
alt.crackers.biometrics. In it, you notice that HAXORD00D has posted
what seems to be MIME BASE64-encoded biometric data from what is said to
be your thumbprint.
In short, your "thumbprint" (or rather, the electronic record of it) has
been stolen. You can't get it back. Wait, you think, you can always
revoke authentication keys, right? I mean, if you lose your cardkey,
you 'fess up to Rob Walker, he disables recognition of your lost card,
and he gives you a new one. If your RSA or PGP private key gets stolen,
you can revoke it electronically.
But this is your _thumb_. You can revoke that biometric "signature"
exactly twice, but it's painful, and your chopstick-handling will never
be the same. (Amputation, I mean.) If and when your biometric
impression gets stolen -- which might happen elsewhere, and merely
_affect_ you here -- you're totally out of luck. And you won't
necessarily even know it's happened -- except by observing yourself
getting fired and/or arrested when Mr. Guy and co. need a suspect.
So, management only _thinks_ biometrics is a good idea and absolutely
records who's entered where and when. Because it does not do that, but
management _thinks_ it does, it is a positive menace to the interests of
the people being identified (as above).
Unfortunately, management is tending these days not to realise the above
until long after it's spent money on biometrics -- even though cardkeys
would be better and are cheaper.