Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hashing Out the Next Step in Biometric Security

Posted by ScuttleMonkey on from the facial-hashing-sounds-painful dept.

ergo98 writes "CNN is running a story about biometric hashing. Using this technique, biometric inputs (such as facial characteristics) are altered based upon individual characteristics in a hopefully one-way process. The goal is to continue to reduce the risk of a back-end data exposure."

3 of 117 comments (clear)

  1. DNA Hashes by Crixus · · Score: 3, Interesting

    It seems like DNA already is a fairly unique method of hashing.

    This actually seems easy to do. Combining various biological inputs to derive a unique identitfier.

    It doesn't seem like a GOOD idea quite yet, but it certainly seems like something that companies will pursue since I'm sure there are people willing to pay money for it.

    --
    Ignore Alien Orders
  2. Re:Compromises? by mikiN · · Score: 3, Interesting

    It would be better if a biometric identification could combine several characteristics together in such a way that only a (complete) living person could provide them, for example:
    - iris ID combined with testing of the accommodation reflex, to make sure a real, functioning eye is looking at the camera.
    - fingerprinting combined with infrared scanning, to verify that an unaltered living finger is used.
    - voiceprinting of unique and varying phrases to eliminate recordings.
    and so on.

    --
    The Hacker's Guide To The Kernel: Don't panic()!
  3. Re:Compromises? by Afrosheen · · Score: 4, Interesting

    Try this one on for size. It's my little gift to the biometric community.

      In many protocols, when a session is initiated, the beginning of the transaction includes a handshake. One side says hello are you there, the other replies yes I'm here and the session continues.

      Why not make an actual, physical handshake verifier? I'm sure most people are consistent with their real handshakes, and there are a wide variety of measurable parameters a handshake can provide. For example, when shaking someone's hand, you apply very specific pressure, grip a particular way that spreads pressure to consistent points on your buddy's hand, hand temperature (which can vary depending on a number of factors but we're talking average), hand placement, duration and motion of the shake, etc. You could take it one step further and teach your employees and the system some jive handshakes that involve many steps. The admin could have the most intricate handshake of all.

      The beauty to all this is that handshakes tend to be very personal and never given out. How could someone hack or even learn a secret handshake? It'd be pretty damn hard to do and even harder to replicate once you figured out the sequence due to pressure and duration, etc.

      Schneier should give this one some thought. All you really need is a rubber jointed hand sticking out of the wall (or hidden inside it, retractable) that feels appropriately like a real human hand. Ask the RealDoll people for advice on this. Load it up with sensors and start training it.