Data Security

  • Data Security

    Security is a tough topic, but I worry that I'll get stuck with a database of verification data at some point. Biometric systems require the authentication of some part of your body: fingerprints, retinal scans, palm prints or now voice verification. I kind of subscribe to the same view on biometrics as Bruce Schneier, but it seems like an area that markets well, so I'm expecting to see more of this data over time.

    Which means as systems grow larger and we look to a distributed network, then we'll likely be looking to some sort of database. Not necessarily an RDBMS like SQL Server, but it could be. Which means that the security of the system is paramount to ensuring the integrity of the data.

    The big problem I have is that the system isn't really comparing your voice or retina to your voice or retina. It's comparing the representation of your retina to some stored representation that isn't necessarily yours. It's what's stored there and hopefully it's never been updated. Or it's been updated correctly.

    Can you imagine if your company secured all its financial results with retina scans, limited to the C-level executives? What if you could replace the CEO's retina signature with your own, view results, and then restore his signature? Sort of makes you worry about securing any other records.

    Biometrics is a cool idea, but it's got a whole lot of problems, not the least of which is the human that administers it. My advice is to decline the offer to administer any of these databases if you can.
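    The template-swap scenario above (replace the CEO's stored signature, authenticate, restore it) is a data-integrity problem, and one mitigation is to bind every stored template to its owner with a keyed MAC whose key lives outside the database. The following is an added illustration, not code from the original post or from any biometric product; the key value, the row layout and the function names are constructed for the example.

```python
import hmac
import hashlib

# Assumption: the MAC key is held outside the database (config store, HSM),
# so someone with only table access cannot recompute tags. Constructed value.
TEMPLATE_MAC_KEY = b"example-mac-key-not-stored-in-db"


def seal_template(user_id: str, template: bytes, key: bytes = TEMPLATE_MAC_KEY) -> dict:
    """Build the row to store: the template plus a MAC bound to this user id."""
    msg = user_id.encode() + b"\x00" + template   # separator stops id/template ambiguity
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"user_id": user_id, "template": template.hex(), "mac": tag}


def verify_template(row: dict, key: bytes = TEMPLATE_MAC_KEY) -> bool:
    """True only if the template in the row is the one sealed for row['user_id']."""
    msg = row["user_id"].encode() + b"\x00" + bytes.fromhex(row["template"])
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, row["mac"])


def detects_template_swap() -> bool:
    """Model the scenario: an admin copies their own template (and its MAC)
    into the CEO's row. The MAC was computed over a different user id, so
    verification fails and the substitution is detected."""
    ceo = seal_template("ceo", b"ceo-retina-template")      # constructed sample data
    admin = seal_template("admin", b"admin-retina-template")
    tampered = dict(ceo, template=admin["template"], mac=admin["mac"])
    return verify_template(ceo) and not verify_template(tampered)
```

    A tag check like this detects substitution; it does not stop deletion or a restore of an old but valid row, which is why the audit trail the later posts mention still matters.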

  • Why should this be any worse than storing password data?

    'What if you could replace the CEO's retina signature with your own, view results, and then restore his signature?'

    or

    'What if you could replace the CEO's password with your own, view results, and then restore his password?'

    I don't see much difference from the point of view of the DBA.

  • I think identity management is the greatest IT challenge of the next 5 years.

    We currently have a situation where multiple sites hold sensitive data about individuals. Each site decides what information to store, what it will be used for, and how it will be protected. The end result is that an individual has no effective control over their personal data, and at best suffers inconvenience if the data is inconsistent or misused.

    The growth of Web 2.0 will amplify this situation. If people want to build or use mashups that (say) centralise all their financial details to a single GUI, then safely maintaining identities at multiple sites is probably beyond the security skills of most people.

    I think the industry needs to move to a model where the individual has control over where and how their digital identity is used.  One technique is for vendors and service providers to obtain a one-time token from the identity owner to certify the transaction.  This would eliminate the need for multiple organisations to hold items desired for identity theft such as credit card numbers, etc. 

    Likewise for information collected by official bodies. I should have free, unrestricted, but authenticated access to my tax details, my health records, and any other type of information not specifically barred for national security reasons. Achieving this will not be easy technically, but as we get used to our every transaction, text message, transport use, etc. being recorded by the government, one of the main ways we can retain our status as a citizen rather than as a suspect is if the data collected is freely but securely available to the individual it relates to.

    The individual should also be able to fine-tune how their identity is used, and be able to post corrections where desired.  I would like to configure my debit card for pin-less use up to a maximum value in a specific geographical area.  (And for pin use in a different area.)  Likewise for my mobile.  If any of these get stolen, they become invalid if used outside the bounds I have set.

    Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.

    When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara

  • I think I'd rather have someone a little intimidated by the responsibility on the job rather than someone who isn't. Many of us have worked with databases containing sensitive data already and it's fair to say it's not fun, and there is only so much a DBA can do because other people have to work with some of that data.

    I like the idea of biometrics, not sure how good the implementation is. Or how important. How often does the cashier or whoever do more than glance to see if the credit card is signed? Finger prints, etc, might well reduce fraud from current levels.

  • Bruce makes a lot of good points. Except where there is full control over the hardware (plant entrance for example), biometrics suffer from the same weaknesses as passwords. Signing from a home computer with a thumbprint means that a digital representation of the print is sent over the line. Capturing such a digital representation is not much different than using a keylogger.

    And like he points out, there is a problem with 'firewalling' one's identity. I use a different password for each entity I deal with on the net (and ones that don't truly need the information do not even have my actual identity). A biometric, however, would enable huge cross-database correlations and, as he pointed out, once it is compromised, much higher damage, harder to control.


    As for the voice ID example, it doesn't tell us much (like how many other false positives might exist if tested against a universe of recordings). Splitting identities is a lot easier than forging an identity, and on a PC, voice modification is pretty cheap. Even if the analysis 'suspected' they are the same individual, undoubtedly the score would be much lower than a legal standard would require.

    [BTW where would 123 recordings come from-- presumably the scammer would not be in contact once he got the money and the scam was discovered-- is mass wiretapping common in Germany?]

    ...

    -- FORTRAN manual for Xerox Computers --

  • In principle there is no difference, but in PR terms there may be. People may have the wrong impression that a system is automatically more secure when it uses a biometric identifier, but as is pointed out above, if that identifier is stored in a database like any other data, it is just as prone to any tricks as other data types.

    Even trying to audit updates could in theory be compromised if someone can get to and change the audit table/database, and so on.

    It's the increasing discrepancy between the touted security method and the susceptibility to the same old hacks that Steve appears to be properly alluding to. It would probably be a PR nightmare to unveil a supposedly tough biometric system only to have it undermined within a year or less. One might call it the Titanic effect.

    Thanks,

    webrunner

    ---

    webrunner

    -------------------
    A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
    Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html

  • The link to Schneier's article is quite interesting. Like the editorial and posts they are very thought provoking. However I tend to want to take this back to a simpler time. Granted I am not offering a solution but a mere statement.

    "Locks only keep honest people out"

    Regards,
    Rudy Komacsar
    Senior Database Administrator
    "Ave Caesar! - Morituri te salutamus."

  • Did you see a joint episode of CSI Miami + CSI New York where the bad guy kidnapped a girl so she would open the parent's safe with her hand impression? I mean on top of the data security and quality of the update queries we also have a human factor. The legitimate owner of the biometric signature can use it not so much as expected under pressure.

    Regards, Yelena Varsha

  • Be careful to attach yourself to an article written 9 years ago regarding biometrics. I am biased in that I work with and develop biometric solutions. Too many generalities like the complaints listed regarding weaknesses can be said of just about any solution. The realities are that the biometric systems in place today take into account encryption and nonce factors from the hardware device to the software application. Meaning what comes off the reader must match what goes into the software - over a 3 foot cable.

    If you are worried about internal access from a LAN/WAN - make sure it is private - not public - (no sniffers). If you do have an internal sniffer you've got bigger problems to deal with.

    The biometric system I work with for network access stores the fingerprint template inside Active Directory. If your Active Directory can be hacked you've got bigger problems to deal with.

    If you store your fingerprint templates for proprietary applications in SQL Server (as I do) and someone can hack your DB security and get to the database tables to extract fingerprint templates - just like any other piece of data within your database - you've got bigger problems to deal with.

    Do you see the pattern?

    There has to be a balance between security and convenience. With a more strict password policy you increase the likelihood of the passwords being A) written down and/or B) using a familiar pattern so that it is easily remembered.

    So where is the point of least resistance - a password written on a post-it under the mousepad or trying to hack someone's fingerprint? - I'll take a fingerprint over a password any day and twice on Sunday.

    Regarding physical access (doors) - most systems allow you to register 1 or more fingers as a duress alert. If you use the "alert" finger to get in - it lets you in but can then alert security that you are being forced in the door. Try that with a prox/swipe card. No, they'll just shoot you, take your card and walk right in. That doesn't mean they won't force you in at gun point then once you're in shoot you, but at least someone will know about it....

    Surely we aren't to the point that sensationalized shows like CSI are our basis of reality...


  • And someone that really wants in would most likely have observed you, knowing which finger you use to get in (assuming it is a pro wanting in to the building). Heck, why would they need the rest of your body to get in?


  • Did you see the episode of "Myth Busters" where they were able to bypass several "home" biometric security devices? I say "home" because surely the systems they were using didn't cost tens of thousands of dollars, but their test did include a thumb print door lock and a laptop thumb print reader.

  • There have been quite a few bypasses over the years, gelatin molds and more.

    Whoever posted about the storage in AD, that makes sense. However the problem is still we take these as more secure than passwords and that's not necessarily the case. Especially when we start to note that having a biometric signature is unique to the individual. That can be more secure, but if it is compromised, that can be a bigger problem.

  • Let's get practical here. In the practical application of passwords they are less secure than biometrics. "Practical" is the key word. Companies are not going to force an 18 character password with a minimum of 3 upper case, 4 numbers and 2 special characters that must change every 3 days. It's just not practical. I'll try to choose my words carefully so as not to give the impression that biometrics is the be-all / end-all, 100% fool-proof application of security and access. (In case we are trying to dismiss biometrics because it is not 100% fool-proof.)


    It is much easier to hack a person's password than to recreate a fingerprint model of that same person. It is easier to keylog a password and play it back. The biometric system I work with never sends unencrypted data over the network. It creates a challenge/response, encrypted link between the sensor device and a trusted authentication server to protect the integrity of the data. The data cannot be captured and replayed later, as the challenge/response link is time sensitive. Once again, the reality is that biometrics is more secure than passwords. Although not 100% fool-proof - what system is?


    All of our current models of cars have air-bags because they save lives - not because they save lives 100% of the time.  If you are concerned about just having biometrics as your only form of authentication, then add a 2nd factor such as password, token, or smart card.  I hope you still wear your seat belt even though your car has an air bag. 
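    The replay property this post describes (a server-issued challenge that the sensor must answer within a time window, so a captured response is useless later) can be shown with a small nonce-based exchange. This is an added example, not code from the post's author or from their product; it models only the nonce and time-window checks with a shared-key HMAC, and leaves out the channel encryption the post also mentions. Key, clock values and the fake template are constructed for the example.

```python
import hmac
import hashlib
import os
import time

SHARED_KEY = b"per-device-key-constructed-for-example"  # assumption: provisioned per sensor


class AuthServer:
    """Issues one-time challenges and accepts a response only once, within a window."""

    def __init__(self, key: bytes, window_s: float = 30.0, now=time.time):
        self.key, self.window, self.now = key, window_s, now
        self.pending = {}          # nonce -> time it was issued

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.pending[nonce] = self.now()
        return nonce

    def verify(self, nonce: bytes, template_digest: bytes, tag: bytes) -> bool:
        issued = self.pending.pop(nonce, None)      # consumed on first use
        if issued is None:
            return False                            # unknown or already used: replay
        if self.now() - issued > self.window:
            return False                            # stale challenge
        expected = hmac.new(self.key, nonce + template_digest, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def sensor_respond(key: bytes, nonce: bytes, template: bytes):
    """Sensor side: bind the reading to this nonce so the answer is single-use."""
    digest = hashlib.sha256(template).digest()
    return digest, hmac.new(key, nonce + digest, hashlib.sha256).digest()


def demo():
    """Returns (fresh_accepted, replay_rejected, stale_rejected) using a fake clock."""
    clock = [1000.0]
    srv = AuthServer(SHARED_KEY, now=lambda: clock[0])
    n1 = srv.challenge()
    d1, t1 = sensor_respond(SHARED_KEY, n1, b"fingerprint-template-sample")
    fresh = srv.verify(n1, d1, t1)
    replay = srv.verify(n1, d1, t1)                 # same capture sent again
    n2 = srv.challenge()
    clock[0] += 60.0                                 # past the 30 s window
    d2, t2 = sensor_respond(SHARED_KEY, n2, b"fingerprint-template-sample")
    stale = srv.verify(n2, d2, t2)
    return fresh, not replay, not stale
```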

  • Roger, I'm glad you're in this discussion; your experience brings some good points out that would not occur to most of us. But what about the single sign-on problem? For most systems that require me to authenticate, I have different passwords. If I only have one fingerprint model as a password everywhere, as soon as that gets hacked I'm hosed. And this is speaking not as a DBA/developer, but as one of the 26 million whose personal data was on that VA chucklehead's laptop when it got stolen (but not accessed, according to the FBI, yeah, right) or one of the 45 million who got my credit card info hacked from TJX because they stored it on their servers for over a year. And no, I never heard directly from TJX. They informed my credit card company and the cc company gave me a new card. There will be three feet of snow in Baghdad before I ever spend any money in a TJX store again. But even though I don't get VA benefits, I don't get to tell the VA to not store my data.

    There is no "i" in team, but idiot has two.

  • Someone in the thread said that people might believe a system is more secure if it uses biometrics than a system which doesn't use biometrics. I think there's some truth to that statement and even to the belief. I've been in the IT business for over 20 years and I can classify into two groups the types of organizations I've been exposed to: those organizations which actively pursue system security and those that don't. The point is that while the logic of someone's system being more secure just because they chose to implement biometrics is completely unsound, the general idea might have merit. If someone went to the effort and expense to implement biometrics they probably have done a MUCH better job of securing their systems than someone who hasn't.

    Remember a lock only helps show that someone broke in; it doesn't prevent the break-in. If you have better security than your neighbor but have the same types of valuable possessions in your home, you can rest assured that the burglar is going to break into your neighbor's home instead of yours.
