Biometric Security

More and more these days I hear about biometrics being the “security of the future” - that it is more secure to use a biometric asset to authenticate yourself than, say, a key or password. ZDNet has an interesting article on the “crime of the future”, but I don’t think this is limited to fingerprint duping.

Through every advance in security or encryption we have seen a corresponding advance in breaking that security or encryption. Currently the whole private/public key method is probably the best approach for encryption; however, it has been and always will remain time-sensitive. (Simple brute-force attacks will get better and faster as processing power progresses.)

So the point, right? The point is that when you place your fingerprint on a device to authenticate yourself, you are in effect handing over your private key to the hardware. Most good manufacturers will encrypt (or hash) the data before sending it to any authentication system, but this data could be diverted before it is encrypted, or other external means could be used to obtain the data. Once your raw biometric information is obtained, what recourse do you have? In traditional public/private key encryption, if the private key is compromised, you can always revoke it and get a new one. Where is your new fingerprint? Where is your new retinal pattern?

If we continue down this path of authenticating ourselves via our biometric signatures, we need to find a way to authenticate with something that is revocable and replaceable. What’s the answer, folks? Looking for comments here:

Comments

  1. Homme wrote:

    Biorhythmic cycles. A truly unique list of physical measurements that continually change. pH level, voltage, temperature, and the pattern with which they change could represent a person’s identity.
