This there has been a high enough financial interest in biometric security solutions for the past few years. I am very skeptical of biometric authentication solutions -. They are a privacy disaster waiting to happen
For authentication, which is the process where you identify with a computer system to obtain access, you can use three things to get that access: you can identify with something you know (like a password), something you have (as a physical key), or something you are (like a fingerprint). Today, most authentication rely on something you know or have . Some use both, making them into what is called two-factor authentication.
On the sidelines, a number of companies are trying to do something good "what you are " concept - using something unique related to your body for you . provide adequate access a decade back, the identification based on retina-was the rage in upscale segment These days, the fingerprint authentication is coming on strongly. - link your connection to your fingerprints, especially with the fingerprint reader on the latest iPhone.
(by the way, having a fingerprint reader on a phone is one of the most dysfunctional security illusions sold the last decade. After all, if your phone is stolen and the thief needs your fingerprint to unlock it, the thief did not really need your actual finger :. fingerprints are literally all over the phone he already your phone, you've been holding and hitting every corner of its screen)
But we will. ignore dysfunctional solutions for a moment and focus on fingerprint readers and other biometric authenticators that work in theory. It is important to understand their technical function to see why they are a privacy scandal waiting to happen: whatever it is that is being scanned (fingerprints, retina, whatever) must first be converted into a set of numbers, then this set of figures can be compared to a sample that tells the computer what all is supposed to look like if it is good that you are trying to connect.
Each computer system can be seen as vulnerable in some way. There is simply no such thing as an unhackable system. On security, he said the only secure computer is one that is turned off, completely disconnected, taken to an unknown place, locked in a safe, then buried under ten feet of hardened concrete - and even then, you can not be entirely sure. In the case of biometric autentication, the interesting phase of the connection process is when the fingerprint (or retina) was read by the computer and converted into a set of numbers (a "signature"), but before that it is compared to your specimen. What happens if - no, when - an opponent puts his hand on the set of numbers that represents your fingerprint
In terms of security, this is known as a "replay attack". Can be seen in some old movies, when someone enters a password on the keyboard type that emits sounds that numbers are in a hurry, and someone has an old recorder close enough to catch the melody code Of the band. Then, the protagonist of the film goes to the door and plays the melody, the open. It does not really work like that with door codes, but that is the idea of a replay attack.
You know what happens when your password leaks, and you need to change?
Imagine what happens when your fingerprint signature leaks, and opponents are able to make you have to use your own footprint, replaying a fingerprint reader. What will you do next? Use your other hand, use another finger? What will you do after the tenth flight?
This ignores the fact that the courts will be completely unaware that the fingerprint data can leak as passwords. You have someone who testifies that the fingerprint data entered corresponds exactly Person X, and the court will trust the technology and experts.
This problem domain is something I have not seen discussed seriously in the biometric field, which is why I will not invest in biometric authentication - where I'm sitting, it looks like a scandal of private life waiting to happen
a worse example is the biometric armband nymi that stores your complete. bitcoin wealth and uses your personal signature heartbeat to give you access to it, to give you access to your own money. This raises two questions:
1) What will you do if your heartbeat signature leaks, and you need to change the signature? Get a heart transplant?
2) What will you do if you have a heart attack (that you survive) and signature Heartbeat unintended changes as a result, when you're locked out of your own bitcoin Vault?
Our society is still too blind to the implications of the new privacy technology, and does not take seriously.
Meanwhile, privacy remains your own responsibility.
0 Komentar