Re: To see why iris scanning can be a biometric ...

[Dan Kaminsky <dan () doxpara com>]

So there were actually a couple of *really* cool papers at SIGGRAPH this
year:  Normally, computers graphics is all about, given a material,
determine the way light interacts with it.  Lately, the field has been
moving the other direction -- given an understanding of the way light
interacts with a material, synthesize something with those properties:

Physical Reproduction of Materials with Specified Subsurface Scattering
http://www.cs.princeton.edu/gfx/pubs/Hasan_2010_PRO/index.php
*
*Fabricating Spatially-Varying Subsurface Scattering
http://www.dongallen.com/project/fabscat/fabscat.htm  (heh.)

The general problem with biometrics is that they leak.  We've already seen
spoofing hit fingerprint scanners -- with gummi bears, no less.  It's pretty
clear that 3D printers are effectively becoming material replication
engines.  Ginning up a sufficienct ocular biometric is going to be an
affordable proposition in an uncomfortably small period of time.

We have much lower standards for biometrics than crypto ciphers.  People
_really_ want to be able to self-authenticate.

That being said, security might be quantized, but it's not absolute.  Once
you start throwing in things like threats to family, not even duress phrases
are a catch all ("anything happens to us, your family is dead in a year").
And there has never, in the history of man, been a security technology that
has achieved complete success against repudiation.  Just not how the world
works.

Last note -- my understanding is that iris entropy is pretty high -- not as
high as blood vessels on the retina, but higher than fingerprints, and way
higher than hand geometry.  It also leaks "less", in that fingerprints are
just deposited everywhere.




On Sat, Aug 21, 2010 at 11:51 PM, Tomas L. Byrnes <tomb () byrneit net> wrote:

>  To rephrase in language of security;
>
>
>
> The requirement is a non-repudiable, non-forgeable, single identity token.
>
>
>
> The mooted solution is iris scanning, because it is unique, and supposedly
> hard to copy.
>
>
>
> The premise is that this can be used solely on the basis of “something you
> have or are” as opposed to the time-honored double verification of
> “something you have and something you know”.
>
>
>
> Applying basic logic, this means that the mooted solution is only valid if
> the token (the iris) is indeed cryptographically validly (meaning more
> complex than the equivalently acceptable crypto algorithm is to crack or
> spoof) non clonable/stealable for the required level of access.
>
>
>
> Since you can always kidnap someone or their family, and hold a gun to
> their head to make them scan their own real eye, and if there is no
> secondary authentication that could allow for a “I’ve been compromised”
> response, the whole concept of iris scanning as a single token is busted.
>
>
>
> The invalidity of just scanning an iris as a means of access control and
> authentication has nothing to do with the uniqueness of the iris, and
> everything to do with the ease of acquiring a particular iris with the
> access you require.
>
>
>
> Absent the ability to further authenticate the legitimacy of the access
> request, to include appropriate response to duress (don’t lock out, allow
> access and then interdict), any access control method fails the basic logic
> of defense against probable attack scenarios.
>
>
>
>
>
>
>
> *From:* funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] *On
> Behalf Of *Dan Kaminsky
> *Sent:* Friday, August 06, 2010 4:27 PM
> *To:* rmslade () shaw ca
> *Cc:* funsec () linuxbox org
> *Subject:* Re: [funsec] To see why iris scanning can be a biometric ...
>
>
>
> Anything can be a biometric.  The problem is we leak the damn things all
> over the place.
>
> On Fri, Aug 6, 2010 at 8:18 PM, Rob, grandpa of Ryan, Trevor, Devon &
> Hannah <rmslade () shaw ca> wrote:
>
> http://www.photographyserved.com/Gallery/Your-beautiful-eyes/428809
>
> ======================  (quote inserted randomly by Pegasus Mailer)
> rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
> After the rush is over, I'm going to have a nervous breakdown.
> I've worked for it, I owe it to myself, and nobody is going to
> deprive me of it.
> victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://www.infosecbc.org/links http://twitter.com/rslade
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.