Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adding Biometric Security to an Existing Laptop?

Posted by Cliff on from the usb-retinal-scanner-anyone dept.

008 asks: "My work requires me to travel to some harsh climes with my laptop and other equipment, and the data I collect there is potentially very sensitive. Currently I use the PGP family to secure my drives, but my paranoia always demands more. IBM's biometric-ready Thinkpad really piques my interest, but getting one isn't feasible for me because it's too wimpy for the physical stress I'd inflict on it. I'd much prefer a way to biometrically lock a computer I already have. What options are out there?"

15 of 46 comments (clear)

  1. A few places by Hikaru79 · · Score: 2, Informative

    I'm pretty sure Targus and Digital Persona both produce the kind of addon you're looking for. Also, there's a biometric flash key available. Hope this helps :)

  2. Throw a blanket over it (the laptop) by gabraham · · Score: 2, Funny

    Security through obscurity.

  3. Biometrics Not Security Device by Undefined+Parameter · · Score: 2, Insightful

    As any IBM, Microsoft (hardware), or APC rep could tell you, Biometric devices are not security devices. If you want more security, look somewhere else.

    ~UP

    --
    Eat the Path.
  4. Biometric scanners are a sales gimmick. by mellon · · Score: 3, Informative

    You can't use them to protect your hard drive. All it takes to get the data off is for someone to pull the hard drive out and put it in a different system. You are better off sticking with PGP, which actually encrypts the data.

    1. Re:Biometric scanners are a sales gimmick. by Anonymous Coward · · Score: 3, Insightful

      LOL... biometrics don't work like that. The "hash" (template) you get is different, even with the same finger. That's why there are complicated algorithms that try to detect if it's "close enough" to match. You wouldn't get the same hash every time so this would not work for what you suggest.

    2. Re:Biometric scanners are a sales gimmick. by mellon · · Score: 2, Interesting

      Tragically, you are mistaken in this case. Biometric data is analog. All the scanner can say is "yes, that looks like the right fingerprint," or "no, that doesn't look like the right fingerprint." It can't produce a consistent digital value that is derived from the fingerprint. It is possible to make a fingerprint scanner that's self-contained and emits a key whenever it gets a match, but that's probably not what IBM is doing, because that would require putting a fairly expensive CPU in the fingerprint scanner.

    3. Re:Biometric scanners are a sales gimmick. by swillden · · Score: 2, Interesting

      All the scanner can say is "yes, that looks like the right fingerprint," or "no, that doesn't look like the right fingerprint."

      Actually, it's even worse than that. The scanner typically doesn't do anything like that. All it does is deliver a grayscale digital image (called the "livescan") over USB or whatever to your laptop. Software running on your laptop then must extract the interesting features, producing a livescan template, which it then compares against the stored template. The template comparison is fuzzy, as you said, and succeeds or fails based on a configured threshold of "closeness".

      The reason it matters that the matching is done on the laptop not in the scanner itself is because the fact that it's done on the laptop opens up a variety of additional attacks, ranging from replay attacks (attacker snarfs your livescan when you authenticate then just replays it to your machine -- no need to mess with trying to create a fake finger, and completely bypassing any liveness detection, etc.) to exploiting weaknesses in the software (buffer overflows, etc.) to all sorts of attacks on the software and templates stored on the machine. If all of this were done in the scanner, and if the scanner were hardened against attack, and if provided crypto services to the host after a successful authentication, it could be very valuable (though not without avenues of attack).

      Actually, a smart card that could do biometric matching on card fills would get fairly close. Unfortunetly smart cards have so little processing power that match-on-card implementations have to choose between unusably lousy and unusably slow.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  5. Don't bother by swillden · · Score: 4, Informative

    From a security perspective, it's probably not worth the effort. The circumstances in which a biometric authentication actually adds to your security are surprisingly restricted. Mostly, biometrics increase security by providing a convenient but weak authentication tool for situations in which the alternative is no authentication at all. The old saw about "something you know, something you have and something you are" presumes that the attacker actually has to "be" the "something you are" and can't simply bypass the authentication. That's hard to achieve in the real world.

    No, if you want to protect sensitive data on your computer, the main thing you need to do is to encrypt it, and then store the keys somewhere an attacker can't get them. If the keys are stored on the computer, then an attacker can probably get them. Keys stored in your head are safe, and keys stored in an external device which stays with you, not with the laptop, are also safe. Best is to use both.

    The best you can do presently, IMO, is to:

    1. Use an encrypting file system that allows you to store the keys on an external security token -- a smart card. Note that Microsoft Windows provides smart card support and encrypted file system support, but you can't encrypt your files with keys on the card. That's supposed to be fixed in Vista. At present, Linux and the *BSDs are the only way I know of to fully achieve this, and it's non-trivial.
    2. Use a boot password, and power your machine off whenever you're going to be separated from it. On most laptops today, the boot password is actually implemented by the hard drive firmware. Without the correct boot password, the drive will refuse to operate. To work around it, the attacker would actually have to replace the PCB on the hard drive -- a non-trivial operation. This is surprisingly good security. Getting it requires that you shut down your machine, though, not just suspend it.
    3. For the times when you don't shut your machine down, use a smart card for login, disable password-based login (so the OS *requires* the card) and make sure that your screen saver will come on and lock whenever the card is removed -- requiring the card and PIN to unlock it. This ensures that an attacker will (probably) have to shut the machine down before he can try to get at the data, and he'll run right into your boot password. Oh, and never leave the smart card with the machine.
    4. Finally, make sure that your machine isn't wide open to network-based attacks which would allow an attacker to trivially bypass all of the rest. Also, be very careful where you get software from to avoid trojans. Make sure USB devices and other peripherals don't get to run software upon insertion, either.

    In practice, 2 and 3 are pretty easy to do, and the result is fairly decent security. 1 is very good, but as I said it's not really easy to implement. 4 is critical and pretty hard to be certain you've done unless you simply disable network, USB etc. devices.

    If you have a laptop with a Trusted Computing TPM in it, there are some other options that may theoretically provide assurance levels that are almost as good as a smart card, but I'm not sure if the tools exist to make using those options practical, much less easy. I've been fiddling with using the TPM in my Thinkpad to bind the keys used for a dm_crypt encrypted file system.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    1. Re:Don't bother by swillden · · Score: 3, Informative

      In practice, all 3 reduce to the same thing- something you know. Need a smart card to log in? The smart card just knows a really long key. If you know the key on the card, making a forgery is trivial.

      Not really true.

      While it certainly is true that the smart card just knows a key, the value such a token provides lies in the fact that the key never leaves the card, so no one can know it. Particularly for PKI-based authentication technologies, most smart cards can generate the key pair on the card so that the private key never, ever leaves the card. The card can be configured to refuse to ever divulge that key, no matter how you authenticate yourself to it. Even for symmetric key-based authentication, as long as key injection and auth validation are both done in secure environments, it's reasonable to consider the key completely tied to the token.

      Of course, that assumes there's no way to bypass the authentication requirement.

      Biometrics are a particularly weak secret.

      Absolutely. That's why I say they're really only useful in circumstances where the alternative is no authentication at all. Well, they're also useful in extremely high security scenarios, where precautions can be taken to thwart all of the typical attacks. Those scenarios typically involve an armed guard scrutinizing the person who is authenticating themselves, authentication and matching systems that are under tight physical security, etc. The bottom line is that biometrics are much less useful than people naively think.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:Don't bother by swillden · · Score: 2, Informative

      One place I have seen it and liked it is lockers at amusement parks.

      That's a terrible place to use biometrics. The false reject rate has to be very low or the customers will complain, which means that the false accept rate will be high. Combine that with the typically poor resolution of fingerprint matchers, throw in the effect of the Birthday Problem, and I guarantee that if you get a significant number of people who try to get into multiple lockers, you'll have some of them get into lockers that aren't theirs.

      Better make sure there's someone watching the lockers to catch people who go stick their thumb on every one. Or the system could lock out any finger that was presented to more than n lockers within a short time frame... assuming that could be done, I guess the system would be adequate.

      I'd still prefer a key safety-pinned inside my pocket, though. That can be broken, too, especially by the employees with the master key, but I'd trust it more than a biometric solution.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  6. how? or why would you? by gl4ss · · Score: 2, Interesting

    how is easy, just buy a usb dongle reader.

    but making it into a good use in the system, now that's a whole another issue. would you use the biometric data as a password for that pgp drive or what?

    --
    world was created 5 seconds before this post as it is.
  7. Biometric PC-Card by JackAsh · · Score: 2, Informative

    Identix makes a Biometric PC-Card:

    http://www.identix.com/products/pro_info_fp_biotou ch_pc.html

    Others:

    http://www.secure-it.com/products/umatch/via253.ht m
    http://www.thinkgeek.com/gadgets/security/6518/

    That would seem to be what you're looking for for a laptop. The Biometric sensor slides in and out of the card leaving it perfectly flush with the side of the laptop. This should help avoid accidental breakage.

    My experience comes mostly from the Identix Optical sensors. Problems:
    -Optical Biometrics can be bypassed via simple gummibear technology ;). Google it up if you don't believe it :).

    -Optical sensors are notoriously finicky. People with poor fingerprint definition - people who work with their hands, as in a garden (earth is abrasive) or workout with weights (sometimes the weight bars can be abrasive) might have problems getting their fingerprints read. Same goes for dry skin, and for some reason, black people. Not trying to be racist here or anything, we did a pilot at work a few years back and 9/10 black people had problems getting their prints read by the system.

    -Anything that messes with your Windows GINA authentication system can cause problems. I've seen the Identix product freak out if it couldn't find an internet connection, or a domain controller, or the internet connection was half baked, etc. It was very very random. May have been solved with their latest service packs.

    Finally, you're still best off applying some form of encryption to your files.

    Good luck,

    -Jack Ash

  8. BBC? Reputable? by way2trivial · · Score: 2, Interesting

    http://news.bbc.co.uk/2/hi/asia-pacific/4396831.st m

    --
    every day http://en.wikipedia.org/wiki/Special:Random
  9. Re:I'm scared of proprietary encryption. by Intron · · Score: 2, Informative

    Perhaps you are unaware that NIST certifies encryption libraries so you don't have to believe marketing people. I would not use a product that can't show NIST certs.

    --
    Intron: the portion of DNA which expresses nothing useful.
  10. Re:How do you know...? by RMH101 · · Score: 2, Informative

    it's all about enterprise readiness. i don't have any personal experience of truecrypt, but I do of pointsec, and i'd trust pointsec enterprise-wide. it does decent recovery by authorised users, it can be installed silently when pushed out via SMS or login scripts, and it encrypts in the background. it just kind of works. truecrypt may be just as good, but as i say, i don't have confidence through experience with it yet.