A Third Way for Biometrics [long]
Joe Rice
to be interested in Biometrics and digital signatures. I would
welcome the following article being published in the computer
privacy digest after 27 April. This will ensure a same week
publication date as the Information Systems Audit and Control
Associations Journal to whom I have promised a slight scoop. I
would ask you to respect my wishes in this regard. The reason I
am posting it too you now is that I will be in Oceania and India
during this period and access to the net is very limited.
A little about myself I had my credit cards and identity stolen
and fraudulently used in the UK in the eighties. I developed
Veincheck in my garage as a means of tying the individual to their
cards and possessions. Vein biometric technology is beginning to
blossom the biowatch is my final piece of my biometric vision.
A third way for biometric technology.
Biometric Futures
Biometric developers see through the introduction of biometric
technologies the establishment of a safer more secure world, a
world largely free of fraud and robbery, where smart machines and
services work only for legitimate users and owners. A Biometric
nirvana where people bask in the warm paternal glow of large-scale
biometric and video surveillance systems protecting their homes,
transactions, streets, and borders.
Privacy groups predict an alternative future, they see a World
where our consumer and lifestyle profiles are constantly monitored,
updated and refined. A world where every individual is stalked by
AI equipped computer driven marketing programs. A world where
surveillance and biometric systems monitor all our social interactions,
reporting on who we meet, what we buy, what we do, where we go. A
world where surveillance and biometrics constrains our individuality,
our hopes, dreams rage, anger, freedom and humanity.
Biometric Vulnerabilities
Biometric companies are seeking to sell security systems predicated
upon characteristics that are recorded in every photograph taken
or left on every item touched! We are the biometric keys!
How reliable, how secure are these keys? Can they be mimicked,
masked or modified?
Open View Biometrics
Many Biometric systems use "open View" traits. Traits that can be
recorded by cameras or sound recording equipment or left on items
we touch. Any other security system that lets the keys walk around
freely, to travel off site unsupervised, go home in the evenings
and at weekends, would be considered highly insecure! Because it's
high tech. biometrics, it's the last word in security. Biometric
systems have yet to be subjected to serious organised criminal
attack. Once widely deployed this situation will change markedly.
Attacks on Biometric systems via the mimicking of users biometric
traits should be anticipated. Are Biometric systems robust enough
to counter these challenges?
Attacking Biometric Systems
In May 1998 Network Computing reviewed six biometric fingerprint
devices, only two could identify fake fingerprints. Attacks where
an individual incrementally mars access to their biometric trait
may train the biometric system to accept increasingly non-discriminatory
information. The converse is also true. The incremental addition
of information may swamp the true underlying biometric information
and train the system to follow a false trail.
Multiple Identities
Multiple identities should be anticipated if subjects can re-enrol
after adding or subtracting information to their biometric traits.
Replay attacks can also be expected, if criminals can access the
biometric transducer or comparitor. Systems management security
issues should also be considered, a good biometric implementation
can be compromised by ill-informed manipulation of the biometric
systems thresholds or lax database management by the systems
administrator.
Security is built on three elements (something one knows, a pin or
password) something one has (a key, card or token) something one
is (ones face, fingerprint, eye, voice or vein pattern). There is
no perfect security, biometric technologies will help but are
best-implemented in combination with other elements of the security
trinity.
Privacy Issues
Privacy issues are coming to the fore in Europe and N.America. The
European Union has mandatory comprehensive privacy legislation
enacted by all fifteen EU member states and policed by an independent
data protection authority. Canada is also reviewing its privacy
legislation. In the United States public concerns regarding privacy
have halted the Georgia fingerprint initiative, forced the recall
of sold digital drivers license photos by a number of US States
and impacted the launch of Intel's Pentium III processor.
Market Testing
Banks and other institutions are evaluating and piloting biometric
systems for staff and public use. Focus group testing of customer's
reaction to biometric systems is being undertaken in Europe and
N.America. Some customers express concerns regarding the introduction
of biometric systems, others decline to take part, most welcome
them as beneficial security additions. The astute are beginning to
ask what if their biometric trait is lost or stolen?
Identity Theft
When a biometric trait is lost or compromised who is to blame? Is
it the user for not taking care of a characteristic that is on open
public view, or is it the biometric systems operators fault for
not installing or running a secure system? These questions will no
doubt keep lawyers busy in the very near future.
How do you compensate someone who has had their biometric trait
"stolen" or compromised? The trait cannot be rehabilitated, it's
lost forever and its loss will stay with them for their lifetime.
A third way for Biometrics:
A Blueprint for an autonomous, private biometric future
Second generation biometric systems are under consideration or
being developed, which address these security and privacy concerns.
Self-authenticating biometrically actuated smartcards, which the
user carries in the purse or wallet or wears on the wrist, are
coming to the fore.
The Biowatch a biometric smartcard housed within a wristwatch is
one contender. It employs an opto-electronic bracelet to obtain
the wrists subcutaneous infrared absorption profile, comparing this
profile with a previously recorded template to identify its user.
Watch embedded smartcards are currently in use in Europe and
Australia. The Biowatch combines biometrics and smartcard functionality
to provide a wrist worn biometric agent. It communicates to peripheral
devices via standard IrDA or RF communications protocols, responding
to challenging systems with an encrypted digitally signed authentication
signature using standard public key cryptography.
A Biometric Agent.
The use of public key cryptography ensures that the biometric
template is secret and held within the watch, merely an authorisation
code is transmitted, encrypted by the users private key. No big
brother, no large databases, no large-scale enrolment problems.
The individual keeps their biometric identity private.
The Biowatch in conjunction with secure internet communications
will allow users to download the key generation software, plus
register their public keys with a certification authority of their
choice.
They can choose a UK or US certification authority with key escrow
key recovery agreements with GCHQ or the NSA, or they may choose
to use, say an Icelandic certification authority which guarantees
absolute privacy.
For those seeking privacy, only their public keys need to be
published with no address or identifying details. If these keys
have a good commercial record, pay their debts, have a sound
financial history. Then companies and individuals will do business
with them. If people are wary, they can take out an insurance policy
with the certification authority, The Certification Authority will
know who they are but guarantee privacy and secrecy.
A number of public keys can be registered for different commercial
activities. What we are seeing is the globalisation of digital
commerce, consumer choice is king. User certification will be simple
and accessed via WebTV, NCs network computers and PCs. Users will
be encouraged to register additional certificates (access and
authentication rights) for Commercial transactions, tax returns
and census reports, shopping, vehicles, computers, domestic security
systems, transportation payment systems, firearms, phones and PDAs
Business Applications
Businesses can reserve a tranche of keys and distribute them to
their staff for intranet and inernet transactions and communications.
In future all Internal and external digital correspondence including
letters, memos, spreadsheets, orders, invoices, bills and payments
can be digitally signed validating the digital documents integrity,
authorship and origins.
Opportunity
The human wrist unlike their purse or wallet is a limited area of
real estate. The first to get a biometrically actuated smartcard
there will stay and benefit from that user's patronage for their
lifetime. The world is rapidly transforming into a global digital
economy. The post millennium business battles will not be for what
operating system or what network feeds into your domestic computer,
or what biometric API is applied to ATMs and computer systems,
these are merely side-shows. The major battle, the major prize is
whose biometric smartcard with what software the world will wear
on its wrist.
Technical
The Biowatch integrates the three elements of security to provide
a comprehensive security solution, it only needs to undertake a
biometric verification once per day, upon being strapped to its
owner. Thereafter, whilst strapped to the owners wrist it will
maintain itself in a biometrically armed state. In addition it will
generate and store within a cache, a series of authentication codes
encrypted by the users/biowatches private key. Thus there will be
no FRRs ( false rejections ) or waiting for the Biowatch to encrypt
a new authentication code. Authentication of the user to myriad
personal, public secured financial and access services will be fast
and transparent. For high security applications a full challenge
response protocol can be applied.
Security
Vulnerabilities are concentrated within generic biometric systems,
theft of biometric templates or databases even if encrypted compromise
all biometric templates contained within the system. Simpler more
secure, proven key management procedures are in place through public
key cryptography systems. The Biowatch leverages these cryptographic
strengths to provide a robust security solution.
a.. If they steal your car (hoisted into a removal van) what have they
got? Only you're public key, which is published anyway.
b.. If they ram-raid your home and remove your security system what
have they got? Again only you're public key.
c.. If they steal your Biowatch what have they got, a watch protected
by a biometric with an encrypted absorption profile of your wrist that
will lapse on a time limit set by you.
a.. Phone the certification authority get them to revoke your public
keys. Get another Biowatch and get on with your life.!
A World Biometric Solution
The Biowatch proposal provides a world solution, it provides secure
authentication of the individual, their transactions and authorship
at any open insecure Internet node or network terminal world-wide.
The future does not lie in large-scale quasi-totalitarian biometric
systems. Biometrics needs to meet customer and user requirements
for security, privacy, convenience and acceptability. Personal
biometric systems that the people own and control themselves fit
these requirements. The Biowatch is a very sensible way forward
for biometrics. It enhances freedom, security and privacy for the
individual. Whilst reducing fraud, crime and insecurity for the
community. Vein biometric products are being developed and applied
in Europe, Asia, Africa and America. Watch embedded smartcards are
being used in Europe and Australia.
The Biowatch a European innovation needs N.American organisation,
marketing and dynamism to make it a world success.
--
J.Rice Veincheck
Joe Rice
Joe...@innotts.co.uk
http://innotts.co.uk/~joerice/