Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Proving Yourself

By in Culture
Mon Jul 03, 2000 at 06:31:06 AM EST
Tags: Security (all tags)
Security

Recently there have been several stories on Kuro5hin about digital signatures, public key encryption and the like. In this article, I discuss some of the pitfalls and issues surrounding the principles.


3 things can uniquely identify you to a system:
  • something you have
  • something you know
  • something you are

"Something you have" refers to a physical object that you own, such as a card or a (real-life) key. Smartcards have been put forward for years as the solution: you have a small card, the size of a credit card, which contains your unique private key. The difference between that and your average credit card is that the smartcard contains an on-board processor, and more physical protection (shielding) to stop attacks based on electromagnetic radiation. Read Ross Anderson's "Tamper Resistance - A Cautionary Note" to see some issues with smartcards.

One of the problems with smartcards is that to use them, you require a card reader - these are not supplied with your average computer, and these devices will take time to reach mass market (unless they can be promoted like DVDs, which are now part of the standard computer package I see advertised in magazines). An alternative is a small 'key' that you plug in to your USB port - something that most computers now have - and performs the same functions as the smartcard. An example is Rainbow's iKey. Other likely technologies include the secure digital memory card, and Sony's memory stick.

"Something you know" - this refers to a passphrase, or password, that only you know. Although the brain is fairly tamper-resistant, most people are unable to remember the random sequence of digits that a strong password requires. Thus, they either choose a weak password (such as their car numberplate, or the word "elephant" or even "password"), or to remember the password, they write it down, and keep the written password close to their computers. Password problems are accentuated by the fact that you must regularly change the password (e.g. every 3 months) to preserve the security of a system. Most password schemes are flawed in that the passwords can be obtained using a "dictionary attack", where the cracker compares the encrypted password to a database of pre-encrypted passwords and deduces the plaintext password when the 2 match. Holes in operating systems, bugs in software, and even careless coding in CGI scripts all mean that it is relatively easy to obtain a list of encrypted passwords on most systems.

"Something you are" - this refers to your unique genetic identity, and is measured using biometric devices. Examples are fingerprint scanners, and iris or retina scanners. To avoid false positives (people incorrectly being identified as you), there must be enough degrees-of-freedom in the analysis.

For example, the iris scanners initially developed by Dr John Daugmann, divide the iris into about 200 odd segments, and match the patterns within those segments. He uses 2-dimensional Gabor wavelets to analyse the patters, due to their favourable mathematical properties: Gabor wavelets are invariant under rotation, dilation and translation. So for example, it doesn't matter if your eyes are 2mm closer to the scanner than before, because you can normalise the wavelets. His iris scanners also send out imperceptible flashes of light, to check that the eye responds, i.e. the eye is alive - this is intended to prevent criminals from stealing peoples' eyes to break into their accounts. Unfortunately, these devices are fairly expensive, so do not expect to see them widely available within the next few years.

People are also wary about their details being stored in databases - where physical and/or network security problems could lead to their unique identity being compromised.

As you can see, there are a vast number of issues associated with authentication. It is unlikely that anyone will come up with an infallible solution - as always, there is the trade-off between convenience and security. Privacy and security issues are set to become two of the most hotly-debated topics over the next few years.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Kuro5hin
o "Tamp er Resistance - A Cautionary Note"
o Rainbow's iKey
o Dr John Daugmann
o Also by


Display: Sort:
Proving Yourself | 21 comments (19 topical, 2 editorial, 0 hidden)
600 Million smartcard readers worldwide (2.50 / 2) (#3)
by Stuart Ward on Mon Jul 03, 2000 at 05:58:31 AM EST

I am involved in with m-commerce, the application of e-Commerce to mobile phones, and I am concerned with the adoption of PKI for m-commerce. Why, because PKI realy only identifies the smart card (SIM) inthe phone, not the person. Unless we signafantly improve the idenity verification of the person we will not improve thinks. The EMV card specification only allows for PIN verification and that 8 bytes long.
As to the assertation that there are few smart card readers arround almost every digital mobile phone containes one, and several manufactors are producing dual slot phones.

What movie was it (none / 0) (#4)
by Neuromancer on Mon Jul 03, 2000 at 08:03:25 AM EST

There was a movie where they cut a guy's eye out to use in a retinal scanner. Does anybody remember what movie it was?

Re: What movie was it (none / 0) (#5)
by Toojays on Mon Jul 03, 2000 at 08:09:01 AM EST

It's probably in more than one movie, but it definetely happens in the Sylvester Stallone movie where he's a cop who gets frozen and then gets thawed out in the future . . . Demolition Man is what it's called.

[ Parent ]
Retinal scanners are designed to prevent this (none / 0) (#8)
by Paul Crowley on Mon Jul 03, 2000 at 10:20:49 AM EST

Retinal scanners (and other "warm body" identification systems) are usually designed to detect the difference between live and dead eyes by looking for, for example, evidence of an IR pulse showing blood circulation. So this isn't the problem everyone imagines. Of course, being dragged to the cashpoint at gunpoint is just as much a danger as ever...
--
Paul Crowley aka ciphergoth. Crypto and sex politics. Diary.
[ Parent ]
Hehe (none / 0) (#19)
by Neuromancer on Wed Jul 05, 2000 at 04:26:58 PM EST

Right, but it was kinda neat in the movie ;-)

[ Parent ]
Re: What movie was it (none / 0) (#11)
by HiQ on Mon Jul 03, 2000 at 10:50:29 AM EST

Think it was an old James Bond movie
How to make a sig
without having an idea
just made a HiQ
[ Parent ]
Re: What movie was it (none / 0) (#14)
by mjg on Tue Jul 04, 2000 at 12:19:41 AM EST

That was Never Say Never Again, and it was a contact lens with another iris image implanted in it, rather than a whole eye.

[ Parent ]
Re: What movie was it (none / 0) (#12)
by Anonymous Hero on Mon Jul 03, 2000 at 11:11:44 AM EST

Snipes did it in Demolition man :)

[ Parent ]
A catch with iris scanners (none / 0) (#6)
by Anonymous Hero on Mon Jul 03, 2000 at 09:09:23 AM EST

If somebody, somehow, 'steals' the information your iris or fingerprint contains - then you'll have a hard time changing your 'password'. Stealing the info. can be done either by copying the physical print, or sniffing the data that the scanner produces. It is probably not yet possible to copy an iris or fingerprint, but if the bodyscan technology gets common, then someday I assume we'll see warnings agains touching doorknobs etc. without wearing gloves.

"genetic identity" and replay attacks (1.00 / 1) (#7)
by Ex Machina on Mon Jul 03, 2000 at 09:25:56 AM EST

Retinal scanners and fingerprint readers do not show your "genetic identity." These patterns are unique even among twins.<BR><BR>
Another subject that I find interesting in biometrics is "replay" attacks. I remember finding a fingerprint scanner that said it was "impossible" to "hack" because it employed a cryptographic channel between the scanner and the host. That seemed like a false sense of security, mainly because somewhere between your finger and the computer, the information - be it the photoimage of your finger or the unique value generated by your individual pattern - is unencrypted and can be captured and then replayed back.
/* ooka looka */
Re: "genetic identity" and replay attack (none / 0) (#15)
by Inoshiro on Tue Jul 04, 2000 at 01:02:59 AM EST

"These patterns are unique even among twins."

FYI: DNA is the same in identical twins because they are natural clones.



--
[ イノシロ ]
[ Parent ]
Re: "genetic identity" and replay attack (none / 0) (#17)
by Anonymous Hero on Tue Jul 04, 2000 at 01:26:45 PM EST

That's his point--fingerprints are not entirely determined by DNA, therefore they are different between identical twins, even though the twins' DNA is the same.

[ Parent ]
Re: "genetic identity" and replay attack (none / 0) (#18)
by Anonymous Hero on Wed Jul 05, 2000 at 12:42:21 PM EST

No, it cannot necessarily be played back at all. If the scannign device performs it's own key signing and encryption, the data would be useless a second time. This is how bank machines work. You can't just 'tap the line' and 'play back' whatever was on it before to repeat a transaction. Each transaction generates a unique conversation.

[ Parent ]
Most biometrics won't work for all people (none / 0) (#9)
by squintygeek on Mon Jul 03, 2000 at 10:29:54 AM EST

Although biometrics seem to provide a very good means of authentication, most of them exclude someone from using them. Deaf people often cannot speak with sufficient coherence to repeat a pass-phrase for a system that relies on voice. And I have a good friend who has artificial eyes and who has no detectable fingerprint. The agency that hired her keeps each employee's fingerprints on file. The agency, and the FBI, could not obtain a good print from her. She works as a programmer, using systems that require passwords throughout her day. If biometrics replaced the passwords, she could be looking for another job.

I realize that she is vastly in the minority, but her example illustrates the problems with biometrics. If someone looses eyes or hands, she should not lose her identity in the systems that she uses. The only foolproof method is one that uses a feature that everyone has. I remember seeing a report about a company developing a biometric system using characteristics of a person's face to identify people. The report mentioned that the technology has far to go. I hope, for the sake of my friend or anyone who might lose eyes or hands, that biometrics will include them.

Re: Most biometrics won't work for all people (none / 0) (#10)
by HiQ on Mon Jul 03, 2000 at 10:48:50 AM EST

She's a programmer, and her fingers are so worn down that you can't get a fingerprint of her!
Must be one hell of a code cruncher then ;-)
How to make a sig
without having an idea
just made a HiQ
[ Parent ]
Re: Most biometrics won't work for all people (none / 0) (#21)
by tarcus on Fri Jul 07, 2000 at 06:43:29 AM EST

Just throw some acid in someone's face and that can't be used either. I've seen the aftermath of a spate of acid-throwing attacks that happened in a part of africa (women who believed that their husbands had been sleeping around were throwing acid in the faces of those suspected of sleeping with him --- hey why not throw it in *his* face!).

At any rate, biometrics suck. There's *nothing* that any person has that they can't lose, so you can't put a system in place that doesn't have alternatives.

[ Parent ]
More Than One Method (none / 0) (#13)
by matthead on Mon Jul 03, 2000 at 05:56:14 PM EST

It's a good idea, isn't it, to combine more than one method of identification. For example, the Kansas Bureau of Investigation has issued "Smart Cards" to all it's personnel, in addition to a password that they all must remember. Thus, the authentication becomes what you have and what you know.

These smart cards are a little different, though. They're called "tokens," and look like a stopwatch; you know, the kind you wear around your neck. The keys on these tokens are recalulated every 5 minutes, so it's important that the clock on these is in sync with the clock on whatever server you're authenticating against.

I heard a presentation from a couple KBI employees at the CHECK 2000 conference in Manhattan. They seemed awfully pleased with the system.


--
- Matt
I'm at (0.3, -2.5). Where are you?
"Personal Entropy" (none / 0) (#16)
by Anonymous Hero on Tue Jul 04, 2000 at 11:26:49 AM EST

Sort of in-between these setups is another way of doing it. Check out this page to download Ellison's paper on Personal Entropy (postscript or pdf).

The basic premise is this: take a key, and use Shamir's secret-splitting scheme to break it up whichever way you like (perhaps 10 out of 15 shares are required). For each of these shares, have the user generate a highly personal and specific question that would be difficult for anybody else to know ("What was the first vehicle I drove?"). Use the hash of the response to encrypt the current share.

When somebody wants to recover the key, s/he has to correctly answer at least 10 out of the 15 questions (in this case) to recover the key.

This is sort of in-between "something you know" and "something you are". Of course, it's also dependent upon having the proper questions readily available (imagine if I swapped "first vehicle" with "first motorcycle"-- the answer would probably be different). It has some implementation issues, but it's a pretty good system...

Biometrics -> globally unique identifiers (5.00 / 1) (#20)
by Anonymous Hero on Wed Jul 05, 2000 at 06:41:40 PM EST

One of the biggest social (not technical) issues with biometrics is the fact that they can easily become a globally unique identifier -- or at least perceived as such.

I suspect we're already seeing this with the massive "cold case" fingerprint searches. Historically the police performed fingerprint searches locally, and while it was slow it also ensured that the prints searched had some relevance. But now these prints (or more precisely, the mathematical abstraction of those prints) are sent to the FBI to be checked against the 50+ million prints on file.

There must be false positives occuring, but most of them would be dismissed by 1) a person checking the prints, 2) a person checking the facts (e.g., Sue Smith's prints match, but she would have had to commit the rape three years before she was born), or basic detective work shows that the person couldn't have commited the crime for other reasons. (E.g., the person was aboard ship in the middle of the Pacific when the crime occured in Kentucky.)

The remaining cases are... scary. If you're in your 40s, can you prove that you didn't commit a nearby rape while in college? The DNA evidence seems damning, and it is extremely hard to provide *any* evidence to the contrary after that many years. All you can do is hope friends and relatives have pictures that show you look nothing like the rapist.

Criminal cases, at least, have a fair amount of double-checking performed. Now imagine your typical child support payment office running national searches against iris biometric databases. There are already several well-documented cases of innocent men having their bank accounts and paychecks garnisheed without prior notice for "back child support payment." The agencies involved demonstrated a shocking indifference to the consequences of their actions, and without money it's hard to find a lawyer willing to fight to open "closed" cases. (The cases were considered "closed" because the man ignored prior court documents - even though everyone involved freely admits that they never notified him because he was "hiding.") All of this comes out of a false match caused by similar names or SSNs, identity theft, or the like.

You can imagine how much harder it will be to fight this when the "evidence" is the fact that biometric sensors show the same iris or fingerprint! "Everyone knows" that fingerprints and irises are unique, that the methods used to distinguish them are foolproof, etc. *shudder*


Proving Yourself | 21 comments (19 topical, 2 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!