Slashdot Mirror


Exchanging Pictures To Generate Passwords

Roland Piquepaille writes "Today, Ileana Buhan, a Romanian computer scientist, is presenting her PhD Thesis at the University of Twente in the Netherlands. She is using biometrics to protect confidential information when it is exchanged between two mobile devices. This is a very innovative approach to security. Buhan's biometric application will generate almost unbreakable passwords from photos taken by the connected users. Here is how it works. 'To do this, two users need to save their own photos on their PDAs. They then take photos of each other. The PDA compares the two photos and generates a security code for making a safe connection.'"

10 of 123 comments

  1. biometrics? by Anonymous Coward · Score: 1, Insightful

    So where does the bio part come in? A picture isn't bio anything.
    Then again, this is another crappy Roland article, so it's not surprising it's short on facts and long on plagiarism.

  2. Re:Oh Dear by arth1 · Score: 4, Insightful

    It doesn't work like that. From what I can tell, it uses the image as a seed.
    This is secure as long as that picture is kept secure and NOT given to anyone else, ever.
    However, given the nature of humans, that's too tall an order. If that picture ever leaves the phone where it was taken, the security is broken.

  3. What is the difference... by Jane Q. Public · Score: 3, Insightful

    ... between this, and simply generating a shared key? Honestly, I don't see any difference. In effect, that is more-or-less what this does... generate a shared key for later communication. Big deal. It doesn't matter whether it is "biometric" at all... other than the fact that so far "biometric" data has been far easier to fool.

    And the "SecureGrip" project is a joke. In order for anyone in their right mind to stake their life on a biometric security device for their gun, it would have to reject others almost perfectly, and accept the legitimate owner infallibly... the latter being the more important of the two by far.

    We are nowhere near that kind of perfection. I wouldn't touch something that uses even the most recent versions of "SecureGrip" with a 10-foot pole, much less pay money for it.

  4. Almost Unbreakable? by camcorder · Score: 2, Insightful

    Why is that? If using random hashes makes a password unbreakable, then what's the ground-breaking part of this? It's been known for decades that you need a very good random hash (and its importance was proven by the recent Debian commented-out code, including gpg tools).

    This application has some 'cool factor' since it would make you shoot pictures of your friends in order to protect your 'important' communication between them, but the real problem here is not hashing, it is the password generation algorithm. If it has weaknesses, your random hash (i.e. salt) won't make it any more secure. And also how applications reach/use this password is another factor.

    Biometrics have a good 'cool factor' but they indeed put other problems into security. As other posters mentioned, you can shoot a picture of Alice and Bob and, considering it uses facial information, you can mimic it. It is like how you could get fingerprints left on some fingerprint scanners. Besides, libraries using that biometric data need a lot more time to be proven secure than the textual password algorithms we use today.

    I might be conservative about this, but I still believe that even though biometrics can put in some additional security, they still need to be harvested with memorized (i.e. textual or verbal) passwords. If you don't harvest them, then you add the possible attack vector of the biometric data encoder to the underlying authentication stack code as well.

  5. Re:Oh Dear by wvmarle · Score: 4, Insightful

    Every image is different; it has quite some randomness in it overall. I'm no cryptographer but can imagine that randomness is suitable to make keys.

    What this unfortunately does not seem to address is the secure exchange of those keys. Making a very large secure random key and having a strong unbreakable encryption algorithm is one, exchanging those keys in a secure manner is another. Secure as in having no way of a third party listening in undetected, and getting the actual keys.

    In this case the users have to take photos of themselves, and of each other: that indicates they have to be close together. Then the whole key exchange issue is trivial as it can be handed to the other party on a memory card or cable link or whatever. It is more interesting to be able to exchange those keys over a distance, over an insecure communication channel.

  6. Re:Oh Dear by wvmarle · Score: 4, Insightful

    Take the pictures for this purpose only and then delete them after making the keys, problem solved.

  7. Perhaps I'm missing something... by ITEric · Score: 2, Insightful

    Using biometrics means the actual pics need not be exchanged, but would they have to be taken from the same angle? Also, wouldn't an app sophisticated enough to do this accurately tax the limited memory of most mobile devices? As to security, assuming the would-be eavesdropper could tell that the salt was biometrically derived AND both knew and had access to pics of the people communicating, why would they bother to go through the trouble of cracking the encryption just to find out that so-and-so was seen necking with what's-his-name at a party?

    --
    The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny...

  8. Re:Oh Dear by xous · Score: 2, Insightful

    I'm not a cryptographer but this sounds exactly like a Diffie-Hellman key exchange except using photos to generate the key.

    You would still need a copy of both photos to be able to decrypt the transmitted data.

    This assumes that the key-space used is large enough that an old-fashioned brute-force isn't feasible.

  9. Re:I preferred shake to sync by rsborg · Score: 2, Insightful

    If you're going to put the two phones physically together like that anyway, then why not just run a wire between 'em?

    That'd be great, 'cept I don't know of an easy way to cable together two iPhones, or two Blackberries, much less between two different models/manufacturers.

    The shake and bake shared secret is a great idea because it requires no additional connectivity. In fact the two devices can have NO network connection, but share only similar readings during an agreed time-window.

    Accelerometers are only one way to generate "local data" that becomes a shared secret. Thermometers and other sensory input mechanisms that will (roughly) have the same readings in the same surroundings are also additional factors one can use to form the OTP.

    --
    Make sure everyone's vote counts: Verified Voting
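Added example, not code from the thread or from Buhan's thesis: the "similar readings during an agreed time-window" scheme from the shake-to-sync comment above, and the randomness-to-key idea from comment 5, written as a minimal quantise-then-hash key derivation in Python. The sensor samples, the 0.5 bucket width and the window label are all constructed assumptions; the script also exercises the two caveats the thread raises, that a reading near a bucket edge breaks agreement and that anyone holding the same readings (or, for the photo scheme, the photo) derives the same key.

```python
import hashlib
import hmac

# Added illustration, not code from the thread or the thesis: two co-located
# devices turn "roughly the same" local readings into one shared key by
# quantising them so that small sensor noise cancels before hashing.

STEP = 0.5  # quantisation bucket width (an assumed tolerance, not from the thread)

# Constructed accelerometer-style samples for one agreed time window.
ALICE = [0.12, 1.03, 2.48, 0.74, -1.31]
BOB = [0.09, 0.98, 2.51, 0.71, -1.28]        # same motion, slight sensor noise
BOB_EDGE = [0.09, 0.98, 2.51, 0.76, -1.28]   # one reading crosses a bucket edge
MALLORY = [0.02, -0.04, 0.01, 0.03, -0.02]   # a still device in the same room
WINDOW = "window-2008-06-13T10:00"           # the agreed time-window label (assumed)


def quantise(readings, step=STEP):
    """Map each reading to a bucket index so readings within one bucket agree."""
    return [int(round(r / step)) for r in readings]


def derive_key(readings, window_id, step=STEP):
    """Hash the window label plus the bucket sequence into a 256-bit hex key."""
    buckets = ",".join(str(b) for b in quantise(readings, step))
    return hashlib.sha256(f"{window_id}|{buckets}".encode()).hexdigest()


def keys_agree(k1, k2):
    """Constant-time comparison, as for any secret-dependent equality check."""
    return hmac.compare_digest(k1, k2)


if __name__ == "__main__":
    ka, kb = derive_key(ALICE, WINDOW), derive_key(BOB, WINDOW)
    print("Alice/Bob agree:", keys_agree(ka, kb))  # True
    # Failure mode of naive quantisation: a reading near a bucket boundary lands
    # in different buckets on the two devices, so the derived keys diverge.
    print("Alice/Bob(edge) agree:", keys_agree(ka, derive_key(BOB_EDGE, WINDOW)))  # False
    # The key is only as secret as the readings: a device that did not share the
    # motion gets a different key, but anyone who recorded the same readings
    # (or, for the photo scheme, holds the photo) derives exactly the same one.
    print("Alice/Mallory agree:", keys_agree(ka, derive_key(MALLORY, WINDOW)))  # False
    print("Recorded copy agrees:", keys_agree(ka, derive_key(list(ALICE), WINDOW)))  # True
```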