Slashdot Mirror


Hashing Out the Next Step in Biometric Security

ergo98 writes "CNN is running a story about biometric hashing. Using this technique, biometric inputs (such as facial characteristics) are altered based upon individual characteristics in a hopefully one-way process. The goal is to continue to reduce the risk of a back-end data exposure."

27 of 117 comments

  1. Compromises? by Poromenos1 · · Score: 5, Insightful

    I don't like this. Say that someone discovers the "password" (the hash), then you're done. You can't change it (unless you grow a moustache). Same goes with fingerprints, etc. I think a password (passphrase) is much more practical.

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
    1. Re:Compromises? by Poromenos1 · · Score: 2, Interesting

      Hmm, this appears to be a kind of salt applied to the picture so they can change it if the hash gets stolen. But then, why not just apply the salt to the hash (like normal md5 salts), and just change the salt when it's stolen? The salts (like the minutia points) would be stored somewhere and the attacker couldn't use the same salt if you changed yours.

      --
      Send email from the afterlife! Write your e-will at Dead Man's Switch.
    2. Re:Compromises? by Doug+Coulter · · Score: 5, Insightful

      Bruce Schneier (counterpane.com) has published on and linked to a lot of other publications on the implications of biometrics, and how easy they are in general to steal. Can't just change your password, you've only got 10 fingers (I hope!) and so on. The whole thing is a very bad idea, and most extant schemes are trivially cracked no matter how "secure" the backend. Pictures of retinas/faces have worked, lifted fingerprints translated to gummy silicone have worked, and so forth. No fancy skillz needed to get past any existing system.

    3. Re:Compromises? by mikiN · · Score: 3, Interesting

      It would be better if a biometric identification could combine several characteristics together in such a way that only a (complete) living person could provide them, for example:
      - iris ID combined with testing of the accommodation reflex, to make sure a real, functioning eye is looking at the camera.
      - fingerprinting combined with infrared scanning, to verify that an unaltered living finger is used.
      - voiceprinting of unique and varying phrases to eliminate recordings.
      and so on.

      --
      The Hacker's Guide To The Kernel: Don't panic()!
    4. Re:Compromises? by Achromus · · Score: 2, Informative

      RTFA. If you do, you'll see that IBM describes a technique for making "cancellable biometrics", in which companies can alter the way the hash is distorted. If the hash is compromised, the company could change the distortion applied to the face, and obtain a new hash.

    5. Re:Compromises? by Afrosheen · · Score: 4, Interesting

      Try this one on for size. It's my little gift to the biometric community.

        In many protocols, when a session is initiated, the beginning of the transaction includes a handshake. One side says hello are you there, the other replies yes I'm here and the session continues.

        Why not make an actual, physical handshake verifier? I'm sure most people are consistent with their real handshakes, and there are a wide variety of measurable parameters a handshake can provide. For example, when shaking someone's hand, you apply very specific pressure, grip a particular way that spreads pressure to consistent points on your buddy's hand, hand temperature (which can vary depending on a number of factors but we're talking average), hand placement, duration and motion of the shake, etc. You could take it one step further and teach your employees and the system some jive handshakes that involve many steps. The admin could have the most intricate handshake of all.

        The beauty to all this is that handshakes tend to be very personal and never given out. How could someone hack or even learn a secret handshake? It'd be pretty damn hard to do and even harder to replicate once you figured out the sequence due to pressure and duration, etc.

        Schneier should give this one some thought. All you really need is a rubber jointed hand sticking out of the wall (or hidden inside it, retractable) that feels appropriately like a real human hand. Ask the RealDoll people for advice on this. Load it up with sensors and start training it.

  2. Please sit here to confirm your identity. by mikeophile · · Score: 4, Funny

    The goal is to continue to reduce the risk of a back-end data exposure. Surely you didn't think that photocopying your ass wouldn't get patented, did you?

  3. The executives of my firm by Anonymous Coward · · Score: 5, Funny

    are reluctant to adopt biometrics because they're afraid a crook will rip out their eyes.
    Seriously.
    They cited Demolition Man.
    For real.

    1. Re:The executives of my firm by kfg · · Score: 3, Funny

      I hope you've explained to them that it was only a movie. Hollywood is always making shit like that up and getting the technical details wrong.

      In real life you just rip off the head.

      KFG

  4. One Way Process by buckhead_buddy · · Score: 4, Funny
    Using this technique, biometric inputs (such as facial characteristics) are altered based upon individual characteristics in a hopefully one-way process.
    Let's hope it's a one-way process. I don't trust any computer to alter my facial characteristics.
  5. Process schmocess by GillBates0 · · Score: 4, Funny
    ...facial characteristics are altered based upon individual characteristics in a hopefully one-way process.

    Heck, they need billion dollar research grants to figure out these "techniques"? Bubba, Sparky and his pals downtown would irreversibly alter an individual's facial characteristics given $100.00, 10 minutes and enough motivation.

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
  6. Bio-metrics, my ass! by Jah-Wren+Ryel · · Score: 3, Funny


    The goal is to continue to reduce the risk of a back-end data exposure.


    Sure, today they promise that they only want to do biometrics on my face and fingers. But it's just the tip of the slippery slope. You know we can't trust them. Just like the social security cards used to all say "not to be used for identification" and look what good that did.

    I say that if we don't fight these biometric overlords, it is only a matter of time before they are forcing us to sit naked on copiers so they can xerox our asses! Make a stand now while you still have some dignity, and your pants!

    --
    When information is power, privacy is freedom.
  7. Biometric Encryption by bitkid · · Score: 4, Informative
    That sounds pretty old. Ever heard of Biometric encryption? The idea is to use a one-way hash on the biometrics, but also accounting for the fuzziness in the reading. If the readings match, then the same hash comes out. Otherwise something random. See here...
  8. Re:Nothing is one way. by suitepotato · · Score: 2, Funny

    I have a very hard time believing it is possible to encrypt something one way. It is only a matter of time before some genius figures out a way to reverse it.

    You've obviously never seen what happens when the marketing department, accounting department, and human resources department intercept and edit the requirements report from senior executive management for new software before it gets to the programming department, have you?

    --
    If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
  9. Re:Nothing is one way. by Poromenos1 · · Score: 2, Insightful

    Then I'll just XOR all my disk's files' bytes with one another. Someone will surely be able to reconstitute all the files given the one bit. In fact, I'll give you access to my entire disk; the hash is 1.

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
  10. Isn't there a -1, WRONG? by Spy+der+Mann · · Score: 2, Informative

    Dude, you MUST study basic cryptography. Even MD5 is one way. Sure, you can guess WHICH strings can produce a determinate hash. But of those thousands (maybe millions) of combinations, can you really guess which one was ACTUALLY used?

    Anyway, the RSA is constantly working on getting better and better hashes. We got SHA-256, SHA-512 and SHA-1024. And these are way more advanced than SHA1.

    Unless of course, you're running quantum cryptography.

    Anyway, all that has to be done to create a "virtually unbreakable" hash is to make it large enough so that it can't be "cracked", so to speak. When SHA-2 collisions are found, we'll have SHA-3 and its variants, which will probably be 2048, 4096, 8192 bits... and so on.

    1. Re:Isn't there a -1, WRONG? by Mathinker · · Score: 2, Informative

      Although I agree that the GP seems pretty clueless with respect to basic cryptography, as you say, I have to correct you and the numerous following posters about the "irreversibility" of cryptographic hash functions.

      It is true that theoretically, these functions map an infinite domain of messages into hashes and therefore every hash has an infinite number of possible pre-images. This theoretical irreversibility is dependent on any random string being considered a possible pre-image.

      In practice, if one hashes a message with very little entropy, e.g., an English ASCII message is known to have 2+ bits of information/byte so given a 128-bit hash one would expect to be able to find only O(1) English ASCII pre-images of lengths up to 512 bytes (rounding 2+ down to 2). If the message were to additionally be known to include a signature by a known public key using a 160-bit hash function you could then invert messages whose English text was up to 1152 bytes long!

      Your "solution" for making "virtually unbreakable hash" functions just makes this problem much worse. And the idea that you seem to espouse, that just making a hash "large enough" is going to make it useful cryptographically is just ridiculous.

      The first thing that should be taught in a "basic cryptography" course is that doing cryptography right is hard. Read the "Beware of Snake Oil" section Phil Zimmermann wrote in the manual for PGP 2.6.2...

      (Oh, one more thing --- you should beware of throwing around buzzwords like "RSA" and "quantum cryptography" until you check out what they really mean --- or at least check your typing)

    2. Re:Isn't there a -1, WRONG? by Mathinker · · Score: 2, Insightful

      OK, "mea culpa" --- I got bits and bytes mixed up in the calculations of my previous post.

      It looks less impressive when you have to divide by 8 to get bytes...

      That still doesn't make doubling the hash lengths every time they're broken a good idea.

      Unless you think the minimum message length will be increasing similarly?

  11. DNA Hashes by Crixus · · Score: 3, Interesting

    It seems like DNA already is a fairly unique method of hashing.

    This actually seems easy to do. Combining various biological inputs to derive a unique identifier.

    It doesn't seem like a GOOD idea quite yet, but it certainly seems like something that companies will pursue since I'm sure there are people willing to pay money for it.

    --
    Ignore Alien Orders
  12. What about equipment maintenance? by antifoidulus · · Score: 3, Insightful

    Say what you will about passwords, the thing is they require *NO* extra equipment to keep running (well, a keyboard, but you probably need that for other purposes anyway). However, all sorts of biometric scanners need equipment to keep running, equipment that will fail one day, and of course it will be the day that you have to log into your account to fix a critical problem in a critical production system....

  13. More Misdirection from the Biometric Community by tiny69 · · Score: 4, Informative
    Biometrics is one mechanism for authentication. The three mechanisms for authentication are generally grouped into something you know (password), something you have (swipe card), and something you are (biometrics). If either of the first two become compromised, they can be changed. Biometric features on your body cannot be changed. This is the major flaw behind biometrics. So the biometric community periodically plays games with the data on the backend hoping to misdirect the users away from the major flaw. "See, we hash your data, so it's secure...."

    A story that is still relevant whenever biometrics is brought up:

    http://www.hindustantimes.com/news/7242_1301216,00 180008.htm

    --
    Go not unto /. for advice, for you will be told both yea and nay (but have nothing to do with the question)
    1. Re:More Misdirection from the Biometric Community by Russ+Steffen · · Score: 3, Insightful
      The three mechanisms for authentication are generally grouped into, something you know (password), something you have (swipe card), and something you are (biometrics).
      In reality, those groups are actually:
      • something you can forget
      • something you can lose
      • something that can change as you age
  14. And for a reason by melted · · Score: 3, Informative

    Crooks aren't that smart. After Mercedes implemented fingerprint readers in some of their cars, there were several reports that some owners got their fingers cut off by thieves. These fingers, of course, could not start the car (no self-respecting fingerprint reader relies on fingerprint alone anymore), but that was not much of a relief for folks whose fingers got cut off.

  15. Re:Nothing is one way. by ampathee · · Score: 2, Interesting

    Dude.. MD5 (or any hash) maps an INFINITE space to a FINITE space!

    Think about it: it's basically a check-sum.

    Example: I'm thinking of 10 numbers from 0 to 255 inclusive. The sum of those numbers modulo 256 is 123. Now tell me what those numbers are, in the same order that I was thinking of.

    "some possible duplications" indeed :P

  16. Vendor Lock-in for Questionable benefit by logicnazi · · Score: 2, Informative

    I find it interesting that IBM chose to distort the data in their biometric scanners before storage. Since the type of distortion is likely to be secret, proprietary, or just plain difficult to duplicate it effectively locks in any organization into the IBM scanners. Since their system database would only contain IBM's hashes of biometric data buying even one non-IBM scanner would require rescanning every user.

    Now perhaps I am jumping to conclusions and IBM has implemented some kind of removable card interface for hashing but I find that doubtful. Moreover, hashing biometric data is of questionable benefit in any case. Most biometric data is more easily collectable by simple investigatory techniques (covert photography, dusting for prints) than reconstructing a face from the security data. Moreover, since biometric characteristics are necessarily unchangeable potential hackers could merely use the data from some other less secure biometric security system one of your users also uses. Heck, creating a fake biometric id system and using social engineering to get someone to use it would be way easier than reversing these hashes.

    Furthermore designing a secure hash to accommodate the inexact nature of biometric identification seems difficult. By its very nature a secure hash cannot be guaranteed to map similar inputs to similar hashes. Thus either the hash will be insecure, the system too prone to false negatives to be useful, or the biometric data must first be rounded to exact values (or for borderline cases just hash both possible ways to round). Yet a rounding scheme which avoids too many false negatives will significantly reduce the 'password' space.

    In a normal system the sensor would report all the biometric measurements to the authorization server which would compare the measurements to the stored measurements and see if they are sufficiently close to an authorized user. Since a secure hash can't be 'close enough' the measurements must be rounded sufficiently to always give the same value for the same user. The net result will be a reduction, not increase, in security. I actually suspect IBM isn't using a secure hash in the cryptographic sense.

    A more promising option in my opinion would be to implement a distinct algorithm in the sensor to check that the person had normal human features. Thus even if a hacker steals the biometric info and attempts to produce a fake he must not only duplicate those particular measurements but incorporate them into an image/texture which is otherwise human normal. Since these two algorithms can use different information it would be difficult to defeat. Furthermore since the human detection can be isolated in the sensor no vendor incompatibility issues arise and the algorithm can even be upgraded.

    --

    If you liked this thought maybe you would find my blog nice too:
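
The trade-off raised in the comment above (rounding noisy readings so a secure hash can match, at the cost of keyspace), combined with the salted, replaceable template discussed earlier in the thread, as an added Python example that is not part of any comment and does not represent IBM's scheme. The feature values, bin widths, salt and function names are constructed for illustration.

```python
import hashlib
import itertools
import math

def bins(features, step):
    """Quantize each measurement to the index of its bin of width `step`."""
    return tuple(math.floor(x / step) for x in features)

def hash_bins(b, salt):
    """Salted SHA-256 of a bin tuple; re-enrolling with a new salt replaces the template."""
    return hashlib.sha256(salt + repr(b).encode()).hexdigest()

def enroll(features, step, salt):
    return hash_bins(bins(features, step), salt)

def candidates(features, step, margin):
    """Bin tuples to try: a value within `margin` (fraction of a bin) of an
    edge is rounded both ways, the borderline handling the comment mentions."""
    options = []
    for x in features:
        b = math.floor(x / step)
        frac = x / step - b  # position inside the bin, 0..1
        near = [b - 1] if frac < margin else [b + 1] if frac > 1 - margin else []
        options.append([b] + near)
    return list(itertools.product(*options))

def verify(reading, stored, step, salt, margin=0.0):
    return any(hash_bins(c, salt) == stored
               for c in candidates(reading, step, margin))

def keyspace_bits(value_range, step, n_features):
    """Upper bound on template entropy if every bin were equally likely."""
    return n_features * math.log2(value_range / step)

# Constructed sample data: four measurements on a 0..64 scale.
ENROLLED   = [12.31, 47.80, 33.05, 8.62]
SAME_USER  = [12.36, 47.74, 33.11, 8.58]   # sensor noise of about 0.06
BORDERLINE = [12.36, 47.74, 32.98, 8.58]   # same noise, but crosses a bin edge
OTHER_USER = [12.90, 47.10, 33.60, 8.20]   # differs by up to 0.7 per feature
SALT = b"constructed-salt-v1"

if __name__ == "__main__":
    for step in (0.01, 1.0):
        t = enroll(ENROLLED, step, SALT)
        print(f"step={step}: <= {keyspace_bits(64, step, 4):.1f} bits,",
              "same:", verify(SAME_USER, t, step, SALT),
              "borderline:", verify(BORDERLINE, t, step, SALT),
              "both roundings:", verify(BORDERLINE, t, step, SALT, 0.1),
              "other:", verify(OTHER_USER, t, step, SALT))
```

With fine bins the legitimate user never matches; with bins wide enough to absorb the noise the template is bounded at 24 bits and a different person's readings land in the same bins.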

  17. But will it be real "hashing"? by bcmm · · Score: 2, Interesting

    In my school's library, they have a fingerprint scanner instead of library cards (which I still think is bizarre overkill and no better than cards for stopping theft).

    They gave me a sheet of paper to sign, with small print that most people probably ignore. As I was interested, I looked through to find out how they protect my information. It turns out that they store a "hash" of the fingerprint which cannot be used to recover the print except by a method which only certain people at the company which sold the system know.

    So rather than a real secure hash, my fingerprint is protected by security through obscurity. I suspect it's much more like weak encryption than a hash, and that anyone who was really interested could get my fingerprint out, if they had the library's software available to reverse engineer.

    There's very little motive in a school, but if this type of system spreads to offices or even banks, there are going to be real problems.

    --
    # cat /dev/mem | strings | grep -i llama
    Damn, my RAM is full of llamas.
  18. Wouldn't life be so incredibly simpler... by Circlotron · · Score: 2, Interesting

    ...if everyone everywhere was totally honest and always told the truth at all times? Now I fully realise that nobody is about to make this happen any time soon, and from that perspective I think it is interesting to note that with human institutions the more pervasive the influence and control they have over us the more they seem to be disposed toward lying. There is just *so* much stuff around us today that is necessary because so many are dishonest to a greater or lesser degree. If we all woke up one morning and this wasn't the case then I think it would take quite some getting used to.