I am a regular reader of the computer privacy digest, I also happen to be interested in Biometrics and digital signatures. I would welcome the following article being published in the computer privacy digest after 27 April. This will ensure a same week publication date as the Information Systems Audit and Control Associations Journal to whom I have promised a slight scoop. I would ask you to respect my wishes in this regard. The reason I am posting it too you now is that I will be in Oceania and India during this period and access to the net is very limited.
A little about myself I had my credit cards and identity stolen and fraudulently used in the UK in the eighties. I developed Veincheck in my garage as a means of tying the individual to their cards and possessions. Vein biometric technology is beginning to blossom the biowatch is my final piece of my biometric vision.
A third way for biometric technology.
Biometric developers see through the introduction of biometric technologies the establishment of a safer more secure world, a world largely free of fraud and robbery, where smart machines and services work only for legitimate users and owners. A Biometric nirvana where people bask in the warm paternal glow of large-scale biometric and video surveillance systems protecting their homes, transactions, streets, and borders.
Privacy groups predict an alternative future, they see a World where our consumer and lifestyle profiles are constantly monitored, updated and refined. A world where every individual is stalked by AI equipped computer driven marketing programs. A world where surveillance and biometric systems monitor all our social interactions, reporting on who we meet, what we buy, what we do, where we go. A world where surveillance and biometrics constrains our individuality, our hopes, dreams rage, anger, freedom and humanity.
Biometric companies are seeking to sell security systems predicated upon characteristics that are recorded in every photograph taken or left on every item touched! We are the biometric keys!
How reliable, how secure are these keys? Can they be mimicked, masked or modified?
Open View Biometrics
Many Biometric systems use "open View" traits. Traits that can be recorded by cameras or sound recording equipment or left on items we touch. Any other security system that lets the keys walk around freely, to travel off site unsupervised, go home in the evenings and at weekends, would be considered highly insecure! Because it's high tech. biometrics, it's the last word in security. Biometric systems have yet to be subjected to serious organised criminal attack. Once widely deployed this situation will change markedly. Attacks on Biometric systems via the mimicking of users biometric traits should be anticipated. Are Biometric systems robust enough to counter these challenges?
Attacking Biometric Systems
In May 1998 Network Computing reviewed six biometric fingerprint devices, only two could identify fake fingerprints. Attacks where an individual incrementally mars access to their biometric trait may train the biometric system to accept increasingly non-discriminatory information. The converse is also true. The incremental addition of information may swamp the true underlying biometric information and train the system to follow a false trail.
Multiple identities should be anticipated if subjects can re-enrol after adding or subtracting information to their biometric traits. Replay attacks can also be expected, if criminals can access the biometric transducer or comparitor. Systems management security issues should also be considered, a good biometric implementation can be compromised by ill-informed manipulation of the biometric systems thresholds or lax database management by the systems administrator.
Security is built on three elements (something one knows, a pin or password) something one has (a key, card or token) something one is (ones face, fingerprint, eye, voice or vein pattern). There is no perfect security, biometric technologies will help but are best-implemented in combination with other elements of the security trinity.
Privacy issues are coming to the fore in Europe and N.America. The European Union has mandatory comprehensive privacy legislation enacted by all fifteen EU member states and policed by an independent data protection authority. Canada is also reviewing its privacy legislation. In the United States public concerns regarding privacy have halted the Georgia fingerprint initiative, forced the recall of sold digital drivers license photos by a number of US States and impacted the launch of Intel's Pentium III processor.
Banks and other institutions are evaluating and piloting biometric systems for staff and public use. Focus group testing of customer's reaction to biometric systems is being undertaken in Europe and N.America. Some customers express concerns regarding the introduction of biometric systems, others decline to take part, most welcome them as beneficial security additions. The astute are beginning to ask what if their biometric trait is lost or stolen?
When a biometric trait is lost or compromised who is to blame? Is it the user for not taking care of a characteristic that is on open public view, or is it the biometric systems operators fault for not installing or running a secure system? These questions will no doubt keep lawyers busy in the very near future.
How do you compensate someone who has had their biometric trait "stolen" or compromised? The trait cannot be rehabilitated, it's lost forever and its loss will stay with them for their lifetime.
A third way for Biometrics:
A Blueprint for an autonomous, private biometric future
Second generation biometric systems are under consideration or being developed, which address these security and privacy concerns. Self-authenticating biometrically actuated smartcards, which the user carries in the purse or wallet or wears on the wrist, are coming to the fore.
The Biowatch a biometric smartcard housed within a wristwatch is one contender. It employs an opto-electronic bracelet to obtain the wrists subcutaneous infrared absorption profile, comparing this profile with a previously recorded template to identify its user. Watch embedded smartcards are currently in use in Europe and Australia. The Biowatch combines biometrics and smartcard functionality to provide a wrist worn biometric agent. It communicates to peripheral devices via standard IrDA or RF communications protocols, responding to challenging systems with an encrypted digitally signed authentication signature using standard public key cryptography.
A Biometric Agent.
The use of public key cryptography ensures that the biometric template is secret and held within the watch, merely an authorisation code is transmitted, encrypted by the users private key. No big brother, no large databases, no large-scale enrolment problems. The individual keeps their biometric identity private.
The Biowatch in conjunction with secure internet communications will allow users to download the key generation software, plus register their public keys with a certification authority of their choice.
They can choose a UK or US certification authority with key escrow key recovery agreements with GCHQ or the NSA, or they may choose to use, say an Icelandic certification authority which guarantees absolute privacy.
For those seeking privacy, only their public keys need to be published with no address or identifying details. If these keys have a good commercial record, pay their debts, have a sound financial history. Then companies and individuals will do business with them. If people are wary, they can take out an insurance policy with the certification authority, The Certification Authority will know who they are but guarantee privacy and secrecy.
A number of public keys can be registered for different commercial activities. What we are seeing is the globalisation of digital commerce, consumer choice is king. User certification will be simple and accessed via WebTV, NCs network computers and PCs. Users will be encouraged to register additional certificates (access and authentication rights) for Commercial transactions, tax returns and census reports, shopping, vehicles, computers, domestic security systems, transportation payment systems, firearms, phones and PDAs
Businesses can reserve a tranche of keys and distribute them to their staff for intranet and inernet transactions and communications. In future all Internal and external digital correspondence including letters, memos, spreadsheets, orders, invoices, bills and payments can be digitally signed validating the digital documents integrity, authorship and origins.
The human wrist unlike their purse or wallet is a limited area of real estate. The first to get a biometrically actuated smartcard there will stay and benefit from that user's patronage for their lifetime. The world is rapidly transforming into a global digital economy. The post millennium business battles will not be for what operating system or what network feeds into your domestic computer, or what biometric API is applied to ATMs and computer systems, these are merely side-shows. The major battle, the major prize is whose biometric smartcard with what software the world will wear on its wrist.
The Biowatch integrates the three elements of security to provide a comprehensive security solution, it only needs to undertake a biometric verification once per day, upon being strapped to its owner. Thereafter, whilst strapped to the owners wrist it will maintain itself in a biometrically armed state. In addition it will generate and store within a cache, a series of authentication codes encrypted by the users/biowatches private key. Thus there will be no FRRs ( false rejections ) or waiting for the Biowatch to encrypt a new authentication code. Authentication of the user to myriad personal, public secured financial and access services will be fast and transparent. For high security applications a full challenge response protocol can be applied.
Vulnerabilities are concentrated within generic biometric systems, theft of biometric templates or databases even if encrypted compromise all biometric templates contained within the system. Simpler more secure, proven key management procedures are in place through public key cryptography systems. The Biowatch leverages these cryptographic strengths to provide a robust security solution.
a.. If they steal your car (hoisted into a removal van) what have they got? Only you're public key, which is published anyway. b.. If they ram-raid your home and remove your security system what have they got? Again only you're public key. c.. If they steal your Biowatch what have they got, a watch protected by a biometric with an encrypted absorption profile of your wrist that will lapse on a time limit set by you. a.. Phone the certification authority get them to revoke your public keys. Get another Biowatch and get on with your life.! A World Biometric Solution
The Biowatch proposal provides a world solution, it provides secure authentication of the individual, their transactions and authorship at any open insecure Internet node or network terminal world-wide. The future does not lie in large-scale quasi-totalitarian biometric systems. Biometrics needs to meet customer and user requirements for security, privacy, convenience and acceptability. Personal biometric systems that the people own and control themselves fit these requirements. The Biowatch is a very sensible way forward for biometrics. It enhances freedom, security and privacy for the individual. Whilst reducing fraud, crime and insecurity for the community. Vein biometric products are being developed and applied in Europe, Asia, Africa and America. Watch embedded smartcards are being used in Europe and Australia.
The Biowatch a European innovation needs N.American organisation, marketing and dynamism to make it a world success.