Forwarded From: andrew@squiz.co.nz (Andrew McNaughton)
>Forwarded From: Felix von Leitner <leitner@math.fu-berlin.de>
>> Forwarded From: Andrew McNaughton <andrew@squiz.co.nz>
>>
>> A question I've been trying to answer is whether anyone's come up with a
>> biometric which is sufficiently discrete to be put through a cryptographic
>> hash.
>
>You don't want to do that, because biometrics is always a statistical
>process. You take a picture (and lose information due to aliasing and
>small resolution). You then run a digital filter on the picture (and
>do some statistical process that loses even more information). In the
>end, you get some extracted details that you try to match to the picture
>in the database. Now, the weather might have changed, the lighting has
>changed.

Iris scans have (according to Iriscan's pages anyway) enough information in
them that one could afford to lose a high proportion of it and still easily
avoid false positives. False negatives are more of a problem due to
various factors as mentioned by you and Gene Spafford.

>What is the guy trying to achieve? That you can do a fast database
>lookup? Database access is not an issue with current systems. That you
>have a hash so you can't impersonate someone? The iris picture _is_ a
>hash from the picture, albeit a very specialized one.

The goal I have in mind is to produce a code which can be used to verify
identity, but cannot be linked with another database.

>At any rate, even if we used a hash, the biometric device would still
>have the original picture before taking the hash and could store it in a
>database. You can't really do anything against that.

True up to a point. Try this scenario:

The reader displays a database specific code to the scanned person on a
panel (human readable text naming the database), which would be combined
with the iris image and a secret key as well, known to the database system,
and provided to the reader. The bundle then gets hashed to produce a code
which is then passed out of the reader to whatever system lies beyond, and
stored in the database.

Supposing that this arrangement were required by law, it being a crime to
possess raw biometric identification data outside of a licensed device. Of
course illegal devices would come about, and collect images which could be
used to fool the system (assuming a suitably responsive image of an eye
could be presented). A camera mounted in the street could probably collect
the data to crack accounts at every ATM in the vicinity. Identity theft
would not be impossible, though it would be a great deal more difficult
than with Social Security Numbers.

What would be achieved though is a system whereby users can identify
themselves, without providing a key to link databases collected for
separate purposes. It's more a question of controlling the actions of
businesses and government departments who run the databases rather than
thwarting criminals.

>The biometrics stuff works like that:
>
> - you take a series of pictures of the eye
> - you apply adaptive wavelet transforms
> - you do some reduction and get a 1600 bytes data block
> - you require the user to present his smart card
> - the smart card reveals another 1600 bytes
> - the ATM compares these 1600 byte hashes

The stuff I looked at at www.iriscan.com suggests that their final
comparison is just a count of the number of bits in the data block that
don't match. The technical problem is to produce a code which is
comparable after a cryptographically secure hash.

I'm not a cryptographer, but I suspect that this is awkward. Perhaps the
database and secret keys could be rolled into the iris image or the wavelet
transform process?

>Problems are:
>
> - you have to take a series of pictures to make sure the eye is still
> moving (that is, not dead). This can unfortunately still be faked
> with electric impulses on a dead eye.
> - you have to make sure that nobody can fabricate a smart card for a
> person except you. This is not trivial and will probably be done
> with second level security (high civil charges for misuse,
> additional security cameras, ...)
> - someone could fake the iris image by basically replaying a video
> tape with a special monitor before the camera.
> I heard that the IBM system is vulnerable to this attack.

Iriscan use light response to avoid replay attacks. I imagine it could be
fooled by a system which doctored the images in response. In a way, using
biometrics is a bit like a password system where people walk around with
their passwords tattooed on their foreheads for all to see. What security
exists in it is somewhat akin to the difficulty of forging a banknote.

>That's why institutions like nuclear power plants use more than one
>camera at different angles and combine iris biometrics with face
>biometrics and speech biometrics. BTW: speech biometrics is not
>vulnerable to replay attacks. Current systems tell you what you should
>say and then use speech recognition to see if you really said what you
>were supposed to say. Finally, it detects patterns in your speech and
>checks them against the database.

It's still a race between the identification system and the speech
synthesiser. No doubt it works, but if the attacker knows enough about
what the recognising system is looking for, the necessary features can
presumably be laid over the top of someone else's voice.

>> http://www.biometrics.org/examples.html lists dozens of biometrics systems
>> with links. The rest of the site also has some interesting stuff (This is
>> the Biometrics Consortium, which Wired pick as probably becoming a
>> regulatory body in the area at some stage).
>
>Huh? "Wired" picks them? Since when does Wired pick regulatory
>bodies?! This is like letting USA Today choose the president!

Yeah, yeah. I don't know Wired's source, but it seems sufficiently
plausible to pass on. This paragraph was snipped out of something passed
to a journalist. Saying it's from other reporters means it needs to be
verified before it can be used as opposed to being something I have gotten
from source and paraphrased myself.

Andrew McNaughton
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Andrew McNaughton =
++64 4 389 6891 Any sufficiently advanced =
andrew@squiz.co.nz bug is indistinguishable =
http://www.squiz.co.nz from a feature. =
http://www.newsroom.co.nz -- Rich Kulawiec =
Received on Fri May 8 08:59:49 1998
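
Added example, not part of the original message: the reader scenario above (database name + iris block + secret key, hashed inside the reader) run against the bit-count comparison the thread describes. Assumptions: HMAC-SHA256 stands in for the unspecified hash, random bytes stand in for 1600-byte iris blocks, a 5% bit-error rate models a rescan, and the database names and keys are hypothetical.

```python
import hashlib
import hmac
import random

def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits: the matcher's comparison as described in the thread."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def rescan(template: bytes, flips: int, rng: random.Random) -> bytes:
    """Model a later scan of the same eye: the template with `flips` bit errors."""
    out = bytearray(template)
    for pos in rng.sample(range(len(out) * 8), flips):
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)

def reader_code(iris: bytes, db_name: str, db_key: bytes) -> bytes:
    """Code that leaves the reader: keyed hash over database name + iris block.
    HMAC-SHA256 is an assumption; the message only says the bundle is hashed."""
    return hmac.new(db_key, db_name.encode() + b"\x00" + iris, hashlib.sha256).digest()

def demo(seed: int = 1998) -> dict:
    rng = random.Random(seed)
    # Constructed stand-ins for 1600-byte iris blocks (random bytes, not real scans).
    enrolled = bytes(rng.getrandbits(8) for _ in range(1600))
    other_eye = bytes(rng.getrandbits(8) for _ in range(1600))
    same_eye = rescan(enrolled, flips=1600 * 8 // 20, rng=rng)  # 5% bit errors
    bank = ("bank-atm", b"constructed-key-A")      # hypothetical database + key
    tax = ("tax-office", b"constructed-key-B")     # hypothetical database + key
    code = reader_code(enrolled, *bank)
    return {
        "raw_same": hamming(enrolled, same_eye),      # small: raw blocks still match
        "raw_other": hamming(enrolled, other_eye),    # about half of 12800 bits
        "hashed_same": hamming(code, reader_code(same_eye, *bank)),
        "hashed_other": hamming(code, reader_code(other_eye, *bank)),
        "cross_db": hamming(code, reader_code(enrolled, *tax)),
        "bit_exact_repeat": code == reader_code(enrolled, *bank),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:17} {value}")
```

After hashing, a rescan of the same eye lands about as far from the enrolled code as a different eye does, so a bit-count threshold no longer separates them; only a bit-exact input reproduces the code. The same eye hashed for two databases gives codes that do not correlate.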