Biometrics
November 2003: The British home secretary announces that biometrics are 100% reliable as a method of identification.
We believe this is a grave mistake. Such technological claims cannot be proved, and have a history of being disproved. Biometric impersonation may be difficult and expensive today - but who is to say it will always be difficult and expensive?
If someone abuses my credit card, I can get a new card number. But if someone manages to abuse my biometrics, I can't so easily change my fingerprints or my eyeballs. Biometric repudiation only happens in James Bond films.
Biometric Impersonation
Impersonation can be enabled by access to the secret identification keys that systems use to identify people, and this undermines the control and audit purposes of the systems that rely on these keys.
There are many systems with which I interact, which deploy various mechanisms to determine and confirm my identity. These are typically based on keys of various kinds – from passwords, through personal data (such as mother’s maiden name), to biometrics such as fingerprints and iris scans. These keys can be held in various ways – for example, stored in a person’s brain or smartcard, or instantiated in a person’s body.
These mechanisms rely on the secrecy of the data used. But this secrecy is very hard to maintain. Every time my fingerprints, iris or smartcard are scanned for security purposes, or my voice recorded, this captures some data that is used to identify me. Every time I am called to the phone in a retail store to confirm my identity, I am forced to utter some of my identifying data to the credit card operator in front of the assistant and other customers. Every time I use a glass in a pub, someone has the chance to record my fingerprints. Over time, I should expect these data to leak out. And given enough time, a really clever and determined investigator might even be able to discover my mother’s maiden name.
If other people have access to these data, they can impersonate me. Tsutomu Matsumoto, a Japanese mathematician and cryptographer, has recently shown how easy and cheap it is to fool a fingerprint scanner by imprinting the required fingerprint onto a gelatine finger. Although the vendors of biometric devices may claim total reliability, such claims are impossible to prove; it is safer to assume that any biometric device can be spoofed – and probably will be.
If a secure installation, such as a nuclear power plant, relies on employee biometric data to control entry, then what happens when an employee’s biometric data are stolen and published on an anti-nuclear website? Perhaps all employees are required to wear cotton gloves and dark glasses when in insecure places – such as restaurants. (But of course, this makes them even more obvious as targets.)
Biometric Repudiation / Revocation
But this is a problem when the keys are biometric ones. Let us suppose that an airline has installed a cockpit security system, which only allows someone to fly a plane if his iris scan matches the one on his licence. If a terrorist organization has stolen the iris scan of a particular airline pilot, and has issued several of its members with contact lenses imprinted with this iris scan, together with forged licences, then the system may no longer be able to accept the iris scan of this pilot as sufficient identification. The pilot repudiates his iris scan, as it were. However, if this pilot is to continue working as a pilot – something we may assume to be of value both to him and to the organization – he now needs some other mechanism for gaining access to the cockpit.
Biometric data are practically impossible to change – even if I discover that they have been published somewhere. I can change passwords, but I can’t so easily change or repudiate my iris, fingers or mother. If my identity is constituted by such identifiers, it must presumably remain the same throughout my adult life.
Biometric - More Material
Some of the material on this page is extracted from an article published by CBDi Forum, September 2002 [abstract]. Full article available to subscribers.
Identity and Security
Signature as Token of Identity
Biometric Links
[Bruce Schneier] [Ross Anderson]
Copyright © 2003 Veryard Projects Ltd