
Biometrics must balance privacy and security

Medicine, Science & Technology Forum


Posted by: Sean Kelly

Biometrics must balance privacy and security

quote:
Biometrics, an automated way to authenticate a person's identity, is being used from airports to grocery stores for both security and convenience.
[...]
Registration involves providing a credit card or other payment method and the capture of a digital fingerprint. San Francisco-based Pay By Touch operates the technology for Piggly Wiggly and several other retail stores.
[...]
Some researchers say biometrics can be more secure than passwords, personal identification numbers, or even physical keys.

"Basically, what the biometric does is, it requires an individual to be physically present," said Larry Hornak, director of West Virginia University's Center for Identification Technology Research. "Whereas [with] a password, you can easily provide that to someone else.
[...]
Nelson said it is critical that legal safeguards keep pace with the technological advances in biometrics.
[...]
"Our feeling is that it's just not ready for prime time right now. There are a lot of applications where it can be used, but they tend to be small scale. But if you want security and any kind of a high volume application, it's probably not going to be very effective," he said.

Posted by: nikiTa

Biometrics just encourages mutilation.

Chop off a finger, rip out an eyeball...it's simple.

Or you can go all high tech....put a piece of special plastic onto someone's finger, take the print...put the plastic on your finger and voila.

Scan a picture of someone's eyeball (quite similar to your avatar, Sean), make a contact with the retinal scan and voila...nothing is foolproof.

A combination of password authentication, biometrics, and secure ID is better....but still not foolproof.


Posted by: Sean Kelly

Nothing is foolproof, indeed, just as there is no such thing as "safe & secure". It's all a matter of degree. At this point biometrics offers a higher degree of identity security than anything else we have to offer.


Posted by: nikiTa

Problem was solved.
Case will be closed.

RFID chip implants. Approved Oct 2004 by Congress for medical purposes.
Pending further legislation for more widespread uses.

www.adsx.com
www.digitalangelcorp.com
www.alientechnology.com


Posted by: Sean Kelly

RFID is no better than any other ID sitting in a computer database somewhere. It's not as secure as an actual biometric.


Posted by: nikiTa

Each chip has its own digital fingerprint assigned only to that individual.
The "ID" wouldn't be housed in a computer, but in the flesh....

One could always have the chip dug out I suppose.....but not by a willing subject...as secure as a chopped finger would be.


Posted by: Anomaly77

quote:
RFID chip implants. Approved Oct 2004 by Congress for medical purposes.


Is there a link that you know of, regarding this approval?

Posted by: nikiTa

quote:
Anomaly77 said this in post #7:


Is there a link that you know of, regarding this approval?


Yes there is. And it was approved by the FDA, which is even worse, because we don't vote those guys in; they are appointed. With congressional oversight, of course.

http://www.digitalangelcorp.com/abo...?RELEASE_ID=144

couple of threads re: this
http://www.inreview.com/showthread....9676&forumid=23

http://www.inreview.com/showthread....9641&forumid=23


Posted by: Anomaly77

Thanks.

Scary.


Posted by: becker

Implants are here now and will proliferate in our future.

We better get used to them.


Posted by: Sean Kelly

quote:
sowhatsthetruth said this in post #6:
Each chip has its own digital fingerprint assigned only to that individual.
The "ID" wouldn't be housed in a computer, but in the flesh....


What you are describing is a serial number for a person with the serial number encoded on the chip. But the serial number would have to be stored somewhere in a database with other serial numbers in order to "look up" information about that person. Your point of weakness is the insecure computer based system.

Though really any form of biometric would eventually be tied back to an account record of the person which would still, ultimately, be insecure by nature. So as with anything else in life, "safe & secure" really is just a fairy tale in the end.

Even so... a set of biometrics required to obtain the account ID would be a shade more difficult to hack than a simple serial ID string.

Posted by: nikiTa

A biometric such as a digital rendition of a fingerprint....is a binary string of 0's and 1's as you are well aware.
A nanochip could very easily incorporate this binary string and add another unique identifier.

For any biometric identifier, there is a database housing that digital fingerprint as well.....a simple DMV lookup proves this.

Add encryption over a secure network....and it's as secure as any biometric digital translation.

The problem they are concerned about is not security....it's privacy.

www.lawtechjournal.com/notes/2002/24_020819_unatin.php
www.sfgate.com/cgi-bin/article.cgi?...MNGQA99FDM1.DTL

and many others


Posted by: Sean Kelly

quote:
sowhatsthetruth said this in post #12:
A biometric such as a digital rendition of a fingerprint....is a binary string of 0's and 1's as you are well aware.


Done correctly, it's not. Here's how I would implement a finger-print + chip ID combinatory system:

The digital fingerprint is a representation of the location of various "points of interest" on a person's unique fingerprint. If there are 25 points of data that are strung together and then a database is queried for records that match all 25 points of data, only one unique record should be returned: that belonging to the matching user.

Those 25 points of fingerprint data MUST be pulled from your fingerprint, not a device which has that data pre-stored in it. If it's pre-stored, then replication of that device and thus the content within it constitutes fair access to that user's records even if the fingerprint itself has not been verified: if the chip says it's so, then it must be so! This is an insecure assumption. The data should be pulled from a fingerprint in secure systems EVERY single time identity is being verified.

A second precautionary measure could be taken then which is the use of a serial number from a chip. This would take the print data, pull a matching record from the database, check the serial number of the record and see if it matches the serial number on the chip. If it does not match, then the wrong record was pulled, probably from a bad print read or analysis. The user must be prompted to re-authenticate at that time.

The serial number itself cannot be used to look up a record however because serial numbers are not unique. This is done by taking 1 million people and assigning each of them one of 1000 different serial numbers. Then you will have 1000 people who have the same SN for each SN. The assignment of SN's could be spread out geographically based on residence or place or date of birth, or whatever other criteria to eliminate predictability of SN's. This duplicity of SN's prevents someone from looking up a SN in the database and discovering the personal information of a person who is assigned to that SN because 1000 matching records would be returned for any given SN.

Thus, the only way to identify a unique record is to have the fingerprint data to isolate it as the primary key. And the only source for that fingerprint data should be the finger itself. Thus a true "biometric".

There are two ways to cheat this system, both of which require someone to break into the network (which CAN be secured if approached correctly, contrary to popular belief - trouble is it seems only the government and hackers tend to understand what's involved) and either:

A) Install software that will steal fingerprint biometric data from users as they are digitally printed for authentication. The biometric data could later be used to isolate their unique record in the database, or

B) Download ALL record data from the database indiscriminate of who's who and just steal user data arbitrarily without regard to biometric data or serial numbers or anything.

Both scenarios could be averted with a proper security strategy.

There is one other possible special case scenario, but the odds are significantly weighted against it: the user's print data could be read incorrectly and return the record information of a person who is not them and their serial number could, luck of the draw, happen to match. The solution to blocking unauthorized access to randomly inaccurate record pulls is use of a personal PIN that the user must enter to gain access to the account information.

Thus the complete solution entails:
1) Biometric identification (username)
2) Personal PIN (password)
3) Chip SN authentication (permission)

requiring the presence of the body (finger), the presence of the mind (PIN), and a rapid rejection process for failed biometric data acquisition (Chip SN). Bear in mind that the fingerprint data could be substituted for or augmented with retinal ID, hand geometry analysis, and any of a number of other biometric properties that could be used to significantly reduce the number of false positives; these would also serve to increase the potential for bad metric analysis however, which may increase the number of identification attempts needed to get a good matching read. Such failures would diminish with improved accuracy of data acquisition devices however. The ultimate would be DNA analysis that takes a sample of surface skin cells, extracts and serializes your DNA and BAM: you're you.

Thus is our future, ladies and gentlemen!

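The lookup-and-check order in the post above (print feature set as the only lookup key, chip serial shared by many records and used only as a cross-check, PIN as the final gate, lockout after repeated failures) as a small constructed model. This is an added example, not the poster's code: the class names (Directory, Record), the lockout threshold MAX_FAILED_ATTEMPTS, the salted PBKDF2 PIN storage and the made-up 25-point "minutiae" lists are all assumptions for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Assumed lockout threshold; the post only says "X failed attempts".
MAX_FAILED_ATTEMPTS = 3


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted, iterated hash so a dumped database does not reveal PINs directly."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class Record:
    name: str
    print_points: tuple      # 25 feature points, captured live from the finger each time
    chip_serial: str         # deliberately shared by many people
    pin_salt: bytes
    pin_hash: bytes
    failed_attempts: int = 0
    locked: bool = False


class Directory:
    """Records are keyed by the fingerprint feature set, never by chip serial."""

    def __init__(self):
        self._by_print = {}

    def enroll(self, name, print_points, chip_serial, pin):
        salt = os.urandom(16)
        rec = Record(name, tuple(print_points), chip_serial, salt, hash_pin(pin, salt))
        self._by_print[rec.print_points] = rec
        return rec

    def records_for_serial(self, chip_serial):
        """A serial-only lookup returns every record sharing that serial."""
        return [r for r in self._by_print.values() if r.chip_serial == chip_serial]

    def authenticate(self, live_print_points, chip_serial, pin):
        """Returns (ok, reason). Order: print lookup, serial cross-check, PIN."""
        rec = self._by_print.get(tuple(live_print_points))
        if rec is None:
            return False, "no record for print"
        if rec.locked:
            return False, "account locked"
        if rec.chip_serial != chip_serial:
            # Wrong record pulled (misread print) or wrong chip: reject quickly
            # and ask for a fresh scan instead of consuming a PIN attempt.
            return False, "serial mismatch, re-scan"
        if not hmac.compare_digest(hash_pin(pin, rec.pin_salt), rec.pin_hash):
            rec.failed_attempts += 1
            if rec.failed_attempts >= MAX_FAILED_ATTEMPTS:
                rec.locked = True
                return False, "locked after repeated failures"
            return False, "wrong pin"
        rec.failed_attempts = 0
        return True, rec.name


def build_demo_directory():
    """Constructed sample data: three people, two of whom share a chip serial."""
    d = Directory()
    alice_print = [(i * 3, (i * 7) % 50) for i in range(25)]
    bob_print = [(i * 5, (i * 11) % 50) for i in range(25)]
    carol_print = [(i * 2, (i * 13) % 50) for i in range(25)]
    d.enroll("alice", alice_print, "SN-0042", "1234")
    d.enroll("bob", bob_print, "SN-0042", "9876")   # same serial as alice, on purpose
    d.enroll("carol", carol_print, "SN-0007", "5555")
    return d, alice_print, bob_print


if __name__ == "__main__":
    d, alice_print, bob_print = build_demo_directory()
    print("records sharing SN-0042:", len(d.records_for_serial("SN-0042")))
    print("alice, right chip, right PIN:", d.authenticate(alice_print, "SN-0042", "1234"))
    print("misread print pulls bob, serial happens to match, alice's PIN:",
          d.authenticate(bob_print, "SN-0042", "1234"))
```

The third call in the `__main__` block is the "special case" the post mentions: a misread print pulls the wrong record whose serial coincidentally matches, and the PIN is what rejects it. Note that a serial mismatch does not count as a PIN failure, so a bad scan cannot lock someone out, while repeated PIN failures on one record do.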

Posted by: nikiTa

Interesting, thanks. Some questions and comments, if you will.

quote:
Sean Kelly said this in post #13:


Done correctly, it's not. Here's how I would implement a finger-print + chip ID combinatory system:

The digital fingerprint is a representation of the location of various "points of interest" on a person's unique fingerprint. If there are 25 points of data that are strung together and then a database is queried for records that match all 25 points of data, only one unique record should be returned: that belonging to the matching user.

I understand....but it's still a binary representation of those 25 points, no?

Those 25 points of fingerprint data MUST be pulled from your fingerprint, not a device which has that data pre-stored in it. If it's pre-stored, then replication of that device and thus the content within it constitutes fair access to that user's records even if the fingerprint itself has not been verified: if the chip says it's so, then it must be so! This is an insecure assumption. The data should be pulled from a fingerprint in secure systems EVERY single time identity is being verified.

So, how many common criminals, or even high tech spy types, would have access not only to this data, but to a manufacturing process that can duplicate these nanochips? Because it won't be a standard serial number in the future, believe me, and if encrypted, a digital fingerprint can only be read by a decryption device using that key....and how many common criminals or spy types would have that technology at their disposal....a few yes, but if someone is going to that extreme, well, simple biometrics won't stop them either.

A second precautionary measure could be taken then which is the use of a serial number from a chip. This would take the print data, pull a matching record from the database, check the serial number of the record and see if it matches the serial number on the chip. If it does not match, then the wrong record was pulled, probably from a bad print read or analysis. The user must be prompted to re-authenticate at that time.

A nanochip could store an entire person's DNA code as an identifier, height, weight, retina, fingerprint (all 10 digits) personal history, medical, profile.... the list is endless...encrypted and only decrypted by special technology....this is even more complex.

The serial number itself cannot be used to look up a record however because serial numbers are not unique. This is done by taking 1 million people and assigning each of them one of 1000 different serial numbers. Then you will have 1000 people who have the same SN for each SN. The assignment of SN's could be spread out geographically based on residence or place or date of birth, or whatever other criteria to eliminate predictability of SN's. This duplicity of SN's prevents someone from looking up a SN in the database and discovering the personal information of a person who is assigned to that SN because 1000 matching records would be returned for any given SN.

Like I said...data on the nanochip signifying DNA code...would be highly specific.

Thus, the only way to identify a unique record is to have the fingerprint data to isolate it as the primary key. And the only source for that fingerprint data should be the finger itself. Thus a true "biometric".

Biometrics would not be necessary given information such as DNA, fingerprints, retinas can be stored on the chip....unless someone wants to gouge out the chip...or recreate the chip (highly unlikely).

There are two ways to cheat this system, both of which require someone to break into the network (which CAN be secured if approached correctly, contrary to popular belief - trouble is it seems only the government and hackers tend to understand what's involved) and either:

A) Install software that will steal fingerprint biometric data from users as they are digitally printed for authentication. The biometric data could later be used to isolate their unique record in the database, or

B) Download ALL record data from the database indiscriminate of who's who and just steal user data arbitrarily without regard to biometric data or serial numbers or anything.

Both scenarios could be averted with a proper security strategy.

That's fine, but if someone doesn't have the proper reading device for the nanochip....cannot decode the encryption on the nanochip....it really doesn't matter if they have the matching data. Using the Rijndael algorithm or a stronger algorithm could ensure this.

There is one other possible special case scenario, but the odds are significantly weighted against it: the user's print data could be read incorrectly and return the record information of a person who is not them and their serial number could, luck of the draw, happen to match. The solution to blocking unauthorized access to randomly inaccurate record pulls is use of a personal PIN that the user must enter to gain access to the account information.

Thus the complete solution entails:
1) Biometric identification (username)
2) Personal PIN (password)
3) Chip SN authentication (permission)

requiring the presence of the body (finger), the presence of the mind (PIN), and a rapid rejection process for failed biometric data acquisition (Chip SN). Bear in mind that the fingerprint data could be substituted for or augmented with retinal ID, hand geometry analysis, and any of a number of other biometric properties that could be used to significantly reduce the number of false positives; these would also serve to increase the potential for bad metric analysis however, which may increase the number of identification attempts needed to get a good matching read. Such failures would diminish with improved accuracy of data acquisition devices however. The ultimate would be DNA analysis that takes a sample of surface skin cells, extracts and serializes your DNA and BAM: you're you.

Adding a PIN, yes, that complicates it, but also is so simple it can be replicated easily.

Thus is our future, ladies and gentlemen!

This nanochip is what they are going with....factories have already been built and are operational. Nanochip companies are waiting in the wings for FDA approval for greater uses....it will make biometrics alone obsolete....when all biometric data, including DNA code, can be stored on the chip.
Only one made per person. Only one DNA code per individual....except identical twins.


Posted by: Sean Kelly

You are assuming that nano-chips couldn't be replicated or falsified by crooks and are therefore just as good as a real biometric. This assumption is based on false logic. You are correct in that the "common crook" would not be able to work this out for themselves, but you under-estimate the power of insidious hackers. Take the following fictitious security example from current (and accurate) Internet trends:

A thirteen year old kid with a bad attitude and an oath of vendetta against a public Internet forum that banned him from their site for consistent violation of site policies. The kid goes looking for a way to "teach them a lesson." He searches google for phrases such as "how to hack a website" and "take down server" and finds a number of informative resources that describe the basics of hacking. Eventually he comes across a small treasure-trove: beginning hacker tools. One of the tools is a script that was coded by an anonymous hacker somewhere on the Internet with a strong knowledge of possible exploits for web servers. So our kiddie downloads and runs the script targeting our forum website. The script attempts hundreds of known exploit techniques and finally discovers not one, but five different points of entry into the server. The "script kiddie" then gains access to the server and has his way with it, ranging from defacement of the site to formatting the entire hard drive.

Believe it or not, this is NOT uncommon. Script kiddies may be stupid, but they are a very real threat to Internet security because there are great numbers of them who employ powerful software tools written by only a few who actually know what they're doing. This is relevant to the topic at hand because the script kiddie is our "common crook" who is armed with tools produced by an elite crook who is well hidden from public view and tends not to cause trouble himself.

In this light, I guarantee you that were such a system as you describe (SWTT) to be deployed, a handful of the elite will produce tools to circumvent security and falsify information and steal data if the entire system is based on a single point of failure: the digital chip. It doesn't matter if it's encrypted, nor if it is hardware, nor if it costs $1M for the developer's kit. I know hackers. If you say "there's no way you can do this," they say, "oh yeah?" Thus begins the challenge.

For the most part anything can be hacked at. Your model is particularly dangerous because there is no authentication that occurs. It simply assumes that the presence of the digital signature contained in the chip is all the authentication it needs. That is begging to be hacked. A multi-layer system like I describe however requires multiple points of verification to authenticate and could globally reject access after X failed attempts. It can be made to be impossible to hack if the proper measures are taken for physical security, network encryption and server software security - but only on the condition that authentication is verifiable, which means either multiple points of input, or a single point of input which cannot be falsified (I've yet to see anything matching this description).

And for the sake of discussion, want to know how I would break your lovely RFID encrypted system?

1) I wouldn't bother hacking the device or trying to obtain the decrypted data; it's not necessary. What I would do is download some information on RF signalling and produce an RF sniffer that can record and replicate RF signals.

2) I would take my RF recorder and record the RF session between the device reader at my favorite ATM and my personal chip (since everyone has one, right? ). I would then sample the same sessions of several friends and dump all the recorded RF data onto a computer. A little simple signal analysis will reveal what portions of the session are static (initial handshakes) and what portions are session-specific encrypted data.

3) I would replicate the handshake signals and trigger my chip into responding and go back and forth with signal analysis until I can completely replicate an RF session interaction with any RFID chip. Revising my design to replicate these sessions as needed, it will emit handshakes and record the responses from an RFID - this is how I steal data from the RFID. It's all recorded in analog RF signals, I have no idea what the data itself is.

4) With a little surveillance, I choose a victim to target; I wait for them outside my bank, watching who comes and goes and what vehicles they are driving and how they dress. I pick a young lady with a big wedding ring and an expensive car who appears to be the pampered type. I follow her, find where she lives and return at a later date with a plan to trick her into bringing her RFID chip to within session range of my session simulator/recorder. I would probably do this as a phoney flower delivery person and have her sign a digital tablet with the device embedded in the tablet in such a way as to be activated when she grasps the tablet. I thank her very much and wish her a nice day as I walk away with not only her RFID data, but a high resolution digital copy of her signature too - maybe that'll be useful one day.

5) I make a second revision of my device which emits the RFID responses I've stolen and then take this device to the same ATM. The ATM now interacts with my RFID simulator which contains my victim's information. Once I'm authenticated, I make a small withdrawal.

And that's the easy way.

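The weakness the post above exercises is that the chip's response to the reader never changes, so a recording of one session is as good as the chip itself. The constructed model below (added here; it is not the poster's code and not any real RFID standard) shows the reader-side fix: a reader that issues a fresh random challenge and expects a keyed MAC over it, so a recorded transcript is useless in a later session. It assumes a symmetric key shared between chip and reader, and the class names StaticChip, ChallengeResponseChip, StaticReader, ChallengeReader, RecordingTap and ReplayDevice are all invented for the illustration.

```python
import hashlib
import hmac
import os


class StaticChip:
    """Chip that answers every reader with the same stored blob (the design critiqued above)."""

    def __init__(self, blob: bytes):
        self.blob = blob

    def respond(self, challenge: bytes) -> bytes:
        return self.blob  # the challenge is ignored, so the answer never varies


class ChallengeResponseChip:
    """Chip that proves it holds a secret by keying a MAC over the reader's fresh nonce."""

    def __init__(self, key: bytes):
        self.key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


class StaticReader:
    """Reader that accepts a fixed credential blob after a fixed handshake."""

    def __init__(self, expected_blob: bytes):
        self.expected = expected_blob

    def authenticate(self, chip) -> bool:
        challenge = b"HELLO"                # same handshake every session
        return hmac.compare_digest(chip.respond(challenge), self.expected)


class ChallengeReader:
    """Reader that sends a random nonce and checks the MAC the chip returns over it."""

    def __init__(self, key: bytes):
        self.key = key

    def authenticate(self, chip) -> bool:
        challenge = os.urandom(16)          # fresh per session, practically never repeats
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(chip.respond(challenge), expected)


class RecordingTap:
    """Stands in for a passive recorder sitting between a genuine chip and the reader."""

    def __init__(self, real_chip):
        self.real_chip = real_chip
        self.log = []                       # list of (challenge, response) pairs seen

    def respond(self, challenge: bytes) -> bytes:
        resp = self.real_chip.respond(challenge)
        self.log.append((challenge, resp))
        return resp


class ReplayDevice:
    """Holds no key; it can only repeat responses it has seen."""

    def __init__(self, log):
        self.seen = dict(log)
        self.last_response = log[-1][1]

    def respond(self, challenge: bytes) -> bytes:
        # Best it can do: the recorded answer for this challenge, else the latest one.
        return self.seen.get(challenge, self.last_response)


def run_scenario(chip, reader):
    """Returns (genuine_ok, replay_ok) for one chip/reader design."""
    tap = RecordingTap(chip)
    genuine_ok = reader.authenticate(tap)        # legitimate session, being recorded
    replay = ReplayDevice(tap.log)
    replay_ok = reader.authenticate(replay)      # later session using only the recording
    return genuine_ok, replay_ok


def demo():
    blob = b"card-holder-credential-blob"        # constructed static credential
    key = os.urandom(32)                         # constructed shared secret
    return {
        "static": run_scenario(StaticChip(blob), StaticReader(blob)),
        "challenge_response": run_scenario(ChallengeResponseChip(key), ChallengeReader(key)),
    }


if __name__ == "__main__":
    for design, (genuine_ok, replay_ok) in demo().items():
        print(f"{design}: genuine session accepted={genuine_ok}, recorded session accepted={replay_ok}")
```

The static design returns `(True, True)`: the recording authenticates as well as the real chip. The challenge-response design returns `(True, False)`: the genuine chip passes, but the reader's new nonce was never in the recording, so the replayed MAC does not verify. Challenge-response alone does not address the relay or tracking concerns raised elsewhere in the thread; it only removes the "record once, replay forever" property.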

Posted by: nikiTa

I don't like the RFID solution either.

But this is where they are headed, like it or not....if you look at the trends....factory production...companies' collusion with the feds.
I am not so much concerned with security...ANYTHING can be hacked into....
including biometric information....hack into the local DMV for my fingerprints...a 13 year old could do that too.

You can sniff your way into an FDC and be the richest man in the world....where there is a will there is a way....

My concern is privacy, GPS transmission, walking under door portals etc.

Setting up an authentication protocol including various means of identification....I mentioned a multi-layer solution in post #2.
"A combination of password authentication, biometrics, and secure ID is better....but still not foolproof."

Nanochips will be the future....to include biometric identification will prove redundant.


Posted by: Sean Kelly

I must've missed your comment in post #2. I share your privacy concerns. Even if nanochips were an option in the future, I anticipate that if they are optional for participation they will receive twice as much negative coverage as positive and people will simply opt out. Overall, I think they're a bad idea.


Posted by: nikiTa

quote:
Sean Kelly said this in post #17:
Even if nanochips were an option in the future, I anticipate that if they are optional for participation they will receive twice as much negative coverage as positive and people will simply opt out. Overall, I think they're a bad idea.


I agree they are a bad idea.

Unfortunately, if the one world order crowd has their way, there won't be much of a choice.

It will be in the name of "peace and security."

Posted by: Sean Kelly

Such "peace and security" could trigger WW3 if overpowering governments don't recognize the power of the people's will not to be domineered over in a totalitarian world.
