[2405] in cryptography@c2.net mail archive
biometric key management (was: Re: Deniable Cryptography [was winnowing, chaffing etc])
daemon@ATHENA.MIT.EDU (sinster@darkwater.com)
Mon Mar 30 19:10:26 1998
Date: Mon, 30 Mar 1998 15:58:27 -0800 (PST)
To: cryptography@c2.net
In-reply-to: <Pine.LNX.3.96.980330141710.11318A-100000@localhost> (message
from Michael Graffam on Mon, 30 Mar 1998 14:45:36 -0500 (EST))
From: sinster@darkwater.com
Sprach Michael Graffam <phundie@mhv.net>:
> If we have a physical system that gets key information from the user
> through biological feedback that takes stress conditions, blood
> pressure, etc into account then if any of these signs are out of the
> norm the device can generate bad key information as a result of
> this.
Oh, I can see it now. You're called out of bed at 3:00am Monday morning
because the product build isn't working that has to ship in 6 hours, and
a $100M account is threatening to pull out because you're already 3 weeks
late and the sales department guaranteed an unreasonable delivery date.
You have to unlock something so they can fix the build. Everyone's in
panic mode. You come in, bleary eyed and nervous, and the system detects
that and refuses access. That makes you more stressed, and it gets worse.
Descending spiral.
In a more intellectual side, biometric solutions to key management don't
solve anything: they simply shift the burden of security from wetware
to hardware or software. Somewhere, there has to be a comparison copy
of the biometric parameters, unless the biometric parameters are used to
algorithmically generate a key. Either way, all you're doing is shifting
the trust from the input stream from one device (a keyboard, card reader,
or whatever) to another device (the retinal scanner, or fingerprint reader,
or naval lint composition analysis unit).
What's worse, since biometric parameters are (hopefully) relatively constant
over time, anyone who has access to that data for any one person has enough
information to bypass _all_ the biometric checks for that person, whether
those checks are at the ATM or the weapons test facility. Such a privileged
person then only has to worry about the other protection systems. And
frankly, I don't trust Wells Fargo or Bank of America or any other business
for that matter to keep my biometric parameters secure: the mildest perusal
of any RISKS digest archive should show my point.
--
Jon Paul Nollmann ne' Darren Senn sinster@darkwater.com
Unsolicited commercial email will be archived at $1/byte/day.
"I believe there are more instances of the abridgement of the freedom of the
people by gradual and silent encroachment of those in power than by violent
and sudden usurpations." James Madison, speech, Virginia Convention, 1788
