funsec mailing list archives
Re: To see why iris scanning can be a biometric ...
From: Dan Kaminsky <dan () doxpara com>
Date: Sun, 22 Aug 2010 00:19:30 -0400
So there were actually a couple of *really* cool papers at SIGGRAPH this year: Normally, computers graphics is all about, given a material, determine the way light interacts with it. Lately, the field has been moving the other direction -- given an understanding of the way light interacts with a material, synthesize something with those properties: Physical Reproduction of Materials with Specified Subsurface Scattering http://www.cs.princeton.edu/gfx/pubs/Hasan_2010_PRO/index.php * *Fabricating Spatially-Varying Subsurface Scattering http://www.dongallen.com/project/fabscat/fabscat.htm (heh.) The general problem with biometrics is that they leak. We've already seen spoofing hit fingerprint scanners -- with gummi bears, no less. It's pretty clear that 3D printers are effectively becoming material replication engines. Ginning up a sufficienct ocular biometric is going to be an affordable proposition in an uncomfortably small period of time. We have much lower standards for biometrics than crypto ciphers. People _really_ want to be able to self-authenticate. That being said, security might be quantized, but it's not absolute. Once you start throwing in things like threats to family, not even duress phrases are a catch all ("anything happens to us, your family is dead in a year"). And there has never, in the history of man, been a security technology that has achieved complete success against repudiation. Just not how the world works. Last note -- my understanding is that iris entropy is pretty high -- not as high as blood vessels on the retina, but higher than fingerprints, and way higher than hand geometry. It also leaks "less", in that fingerprints are just deposited everywhere. On Sat, Aug 21, 2010 at 11:51 PM, Tomas L. Byrnes <tomb () byrneit net> wrote:
To rephrase in language of security; The requirement is a non-repudiable, non-forgeable, single identity token. The mooted solution is iris scanning, because it is unique, and supposedly hard to copy. The premise is that this can be used solely on the basis of “something you have or are” as opposed to the time-honored double verification of “something you have and something you know”. Applying basic logic, this means that the mooted solution is only valid if the token (the iris) is indeed cryptographically validly (meaning more complex than the equivalently acceptable crypto algorithm is to crack or spoof) non clonable/stealable for the required level of access. Since you can always kidnap someone or their family, and hold a gun to their head to make them scan their own real eye, and if there is no secondary authentication that could allow for a “I’ve been compromised” response, the whole concept of iris scanning as a single token is busted. The invalidity of just scanning an iris as a means of access control and authentication has nothing to do with the uniqueness of the iris, and everything to do with the ease of acquiring a particular iris with the access you require. Absent the ability to further authenticate the legitimacy of the access request, to include appropriate response to duress (don’t lock out, allow access and then interdict), any access control method fails the basic logic of defense against probable attack scenarios. *From:* funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] *On Behalf Of *Dan Kaminsky *Sent:* Friday, August 06, 2010 4:27 PM *To:* rmslade () shaw ca *Cc:* funsec () linuxbox org *Subject:* Re: [funsec] To see why iris scanning can be a biometric ... Anything can be a biometric. The problem is we leak the damn things all over the place. On Fri, Aug 6, 2010 at 8:18 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah <rmslade () shaw ca> wrote: http://www.photographyserved.com/Gallery/Your-beautiful-eyes/428809 ====================== (quote inserted randomly by Pegasus Mailer) rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org After the rush is over, I'm going to have a nervous breakdown. I've worked for it, I owe it to myself, and nobody is going to deprive me of it. victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html http://blogs.securiteam.com/index.php/archives/author/p1/ http://www.infosecbc.org/links http://twitter.com/rslade _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- To see why iris scanning can be a biometric ... Rob, grandpa of Ryan, Trevor, Devon & Hannah (Aug 06)
- Re: To see why iris scanning can be a biometric ... Dan Kaminsky (Aug 06)
- Re: To see why iris scanning can be a biometric ... Rich Kulawiec (Aug 08)
- Re: To see why iris scanning can be a biometric ... G. D. Fuego (Aug 08)
- Re: To see why iris scanning can be a biometric ... Tomas L. Byrnes (Aug 21)
- Re: To see why iris scanning can be a biometric ... Dan Kaminsky (Aug 21)
- Re: To see why iris scanning can be a biometric ... Michael Simpson (Aug 25)
- Re: To see why iris scanning can be a biometric ... Larry Seltzer (Aug 25)
- Re: To see why iris scanning can be a biometric ... Dan Kaminsky (Aug 06)