November 9, 2010 at 10:20 am
James Goodwin (11/9/2010)
Steve,Re: Fingerprint reader
How hard do you think it would be for someone to create a copy of one of those fingerprints and use it to log on to your laptop?
--
JimFive
If something that somebody wants badly enough is protected by your fingerptint then you can wave goodbye (perhaps that's not the best metaphor) to your finger. At least you can tell them a password.
November 9, 2010 at 10:30 am
Fingerprint security on a laptop is relative to the value of whatever data is on the laptop. It is perfect security for a laptop that contains nothing of significant value to a thief.
Most people who steal a laptop just want to steal the hardware and would be far more likely to reinstall the OS than to want to chop off your finger or to try and forensically lift a print from elsewhere to trick the sensor.
If a laptop wasn't worth encrypting in the first place, and someone wanted in to see your stuff, an attacker would rather just reset your password with a bootable reset disc, rather than to go to the trouble of messing with a fingerprint.
On the other hand, if your laptop data is highly valuable and you have decided it ought to be encrypted, the fingerprint represents a weak link in the encryption chain and isn't a good idea. There is a big difference between passwords and fingerprints: passwords are deterministic and identical each time they are presented, and can be used as key material (they offer numerous bits of entropy). Pictures of fingerprints are never alike and are matched subjectively and algorithmically, are generally boiled down to a "yes it's likely a match" or "no it's not" - there is negligible entropy and so fingerprints can't realistically be used as key material.
If your computer is secured by password-based encryption that can also be accessed with the fingerprint alone, then by design, and because fingerprints themselves aren't key material, the fingerprint software must have saved an unencrypted version of the key material (i.e. your password) somewhere in order to present it to the OS and log you in when it sees the fingerprint image it wants. A resourceful skilled attacker - who might otherwise be thwarted by the encryption - can exploit this fact to get past it.
November 9, 2010 at 12:05 pm
Fingerprint security on a laptop is relative to the value of whatever data is on the laptop. It is perfect security for a laptop that contains nothing of significant value to a thief.
So is no password at all.
Most people who steal a laptop just want to steal the hardware and would be far more likely to reinstall the OS than to [...]try and forensically lift a print from elsewhere to trick the sensor
Maybe, but maybe not. If lifting the print and getting past the scanner is relatively easy then a quick snoop of the hard-drive might be worth it, especially if the laptop owner has saved web passwords. Also, an authorized copy of Windows has some value.
the fingerprint software must have saved an unencrypted version of the key material (i.e. your password) somewhere in order to present it to the OS and log you in when it sees the fingerprint
I'm not sure this is true. I think that the fingerprint software can store a hash and present the hash to the OS. (Or use a challenge response protocol to prove the password)
--
JimFive
November 9, 2010 at 12:22 pm
Security is always about the cost of obtaining it vs the value of what can be obtained.
If the data you have access to is valuable enough, you have to assume someone may someday be pointing a gun at your children and telling you to get the data for them.
One step removed from that is someone pointing a bank account at one of your employees/coworkers and telling him to get them the data.
Neither can be defeated by any mechanical security measure available to the general public. Even national governments have trouble with this sort of thing.
The best defense of your data is to make it look like it's not worth the effort of getting. That can be achieved by increasing the effort/cost of obtaining it, and/or by reducing the value of the data.
Purging credit card information from databases is an example of "reduce the value". It helps to make it publically known that you don't store that data in the first place, because perceived value is the key here.
Using complex password/biometric systems is part of "increase the effort". Use a system that makes the perceived work greater than the perceived probability of a perceived reward.
If you want to use passwords that are too strong for easy memory, then write them down, but make them single-use, or something like that. Whatever you do, make the strong points of it well-known and obscure any weaknesses. Beyond that, phrases vs obscure strings vs misplacing your fingers on the keyboard, are all equally valid options, but only if they appear to make the security tougher than the reward.
And then hope you don't run into someone for whom breaking your really tough security is a reward unto itself, regardless of whether the tootsie-roll filling is worth it or not.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
November 9, 2010 at 12:54 pm
the fingerprint software must have saved an unencrypted version of the key material (i.e. your password) somewhere in order to present it to the OS and log you in when it sees the fingerprint
I'm not sure this is true. I think that the fingerprint software can store a hash and present the hash to the OS. (Or use a challenge response protocol to prove the password)
If the hash is all the OS needs, then by design, the hash must also be all the encryption algorithm needs to decrypt the data. Same with a challenge response protocol. In both cases, the key material (the input to the decryption algorithm that makes it able to decrypt the data) must physically exist on the hard drive somewhere alongside the encrypted data, and access to the computer hinges on whether the security software decides to grant access.
Contrast to password security, where the key material is computed from the password itself, and is physically not present anywhere in the computer to be found until typed by the authorized user, and without which, decryption is practically impossible in a mathematical sense.
November 9, 2010 at 1:10 pm
Mike Caldwell (11/9/2010)
the fingerprint software must have saved an unencrypted version of the key material (i.e. your password) somewhere in order to present it to the OS and log you in when it sees the fingerprint
I'm not sure this is true. I think that the fingerprint software can store a hash and present the hash to the OS. (Or use a challenge response protocol to prove the password)
If the hash is all the OS needs, then by design, the hash must also be all the encryption algorithm needs to decrypt the data. Same with a challenge response protocol. In both cases, the key material (the input to the decryption algorithm that makes it able to decrypt the data) must physically exist on the hard drive somewhere alongside the encrypted data, and access to the computer hinges on whether the security software decides to grant access.
Contrast to password security, where the key material is computed from the password itself, and is physically not present anywhere in the computer to be found until typed by the authorized user, and without which, decryption is practically impossible in a mathematical sense.
Fingerprints are passwords. They're both just data to a CPU. The rules for one are the rules for the other.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
November 9, 2010 at 1:15 pm
Fingerprints are passwords. They're both just data to a CPU. The rules for one are the rules for the other.
Fingerprints are non-deterministic passwords.
The hash of the string "Spongebob" is always the same, whether I compute it, or you compute it. It's a fixed immutable value, a 9-character string, always the same no matter how you look at it.
If I take two pictures of your finger, the resulting .JPG images will, with certainty, have different hash values. The pictures at a pixel level will differ in some way, even if you held your finger in the exact same spot. At best, I can render an opinion as to whether those two JPG images came from the same finger, which is what the algorithm essentially does. But that opinion can't be hashed into enough bits to constitute a reliably reproducible key.
November 9, 2010 at 1:27 pm
Mike Caldwell (11/9/2010)
Fingerprints are passwords. They're both just data to a CPU. The rules for one are the rules for the other.
Fingerprints are non-deterministic passwords.
The hash of the string "Spongebob" is always the same, whether I compute it, or you compute it. It's a fixed immutable value, a 9-character string, always the same no matter how you look at it.
If I take two pictures of your finger, the resulting .JPG images will, with certainty, have different hash values. The pictures at a pixel level will differ in some way, even if you held your finger in the exact same spot. At best, I can render an opinion as to whether those two JPG images came from the same finger, which is what the algorithm essentially does. But that opinion can't be hashed into enough bits to constitute a reliably reproducible key.
Actually, fingerprints are done as vector graphics, essentially. They work on points on curves, which are mathematically described, not on bitmapping (like a JPG). At least, the applications I've seen for them work that way.
Either way, it doesn't require a non-encrypted copy/hash of the fingerprint to be stored outside the encrypted drive data.
If you think it does, I'd like to see the proof. Either a whitepaper, or some documented hacking method that takes advantage of that, or something of the sort. I've never heard of such a weakness in fingerprint security, and I'd like to see data on it if it's a true attack vector.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
November 9, 2010 at 2:15 pm
Actually, fingerprints are done as vector graphics, essentially. They work on points on curves, which are mathematically described, not on bitmapping (like a JPG). At least, the applications I've seen for them work that way.
Either way, it doesn't require a non-encrypted copy/hash of the fingerprint to be stored outside the encrypted drive data.
If you think it does, I'd like to see the proof. Either a whitepaper, or some documented hacking method that takes advantage of that, or something of the sort. I've never heard of such a weakness in fingerprint security, and I'd like to see data on it if it's a true attack vector.
I write as a person who has authored firmware for an entire line of fingerprint reader access control/time and attendance appliances. I promise I am not inventing theory here. The weakness is not in fingerprint security, the weakness is in the inappropriateness of the application and should be readily apparent at the abstract level without a documented hacking method (i.e. when it's too late).
DETERMINISTIC ALGORITHM. Please look this up in Wikipedia. It has nothing to do with whether fingerprint algorithms are/aren't mathematic, or whether they're based on vectors versus raster imaging. Encryption algorithms require an exact key to decrypt data. A key is a BIG NUMBER, certainly no smaller than 128 bits.
All fingerprint readers today essentially learn fingerprints by remembering as many landmarks as possible on a fingerprint, and then expecting to find a statistically significant resemblance with an image acquired later. It's as much art as science. They do not produce predictable KEYS, they simply save landmarks as a "template file" during enrollment for future use. Even the same finger enrolled twice will produce non-identical template files. And while vector processing is crucial, they are always ultimately derived from raster images of a fingerprint.
Unless there is an algorithm that deterministically generates a key (A BIG NUMBER) from a fingerprint, and can be depended upon to generate that exact same BIG NUMBER most every time from the same fingerprint with no variation and with reference to no prior knowledge, then any security solution must depend on that BIG NUMBER being stored elsewhere, i.e. the hard drive, where somebody can get it.
The idea of deterministically generating keys from a fingerprint is not impossible in theory, but in the current state of the art, certainly well beyond the grasp of the bottom-of-the-barrel (entry-level) fingerprint sensor that would be found in a laptop. It would be fraught with problems of its own (e.g. does the "big number" change if you cut your finger and again as it heals?) Any product that truly offers that capability would certainly be accompanied by plenty of marketing noise.
November 9, 2010 at 3:02 pm
Mike Caldwell (11/9/2010)
Actually, fingerprints are done as vector graphics, essentially. They work on points on curves, which are mathematically described, not on bitmapping (like a JPG). At least, the applications I've seen for them work that way.
Either way, it doesn't require a non-encrypted copy/hash of the fingerprint to be stored outside the encrypted drive data.
If you think it does, I'd like to see the proof. Either a whitepaper, or some documented hacking method that takes advantage of that, or something of the sort. I've never heard of such a weakness in fingerprint security, and I'd like to see data on it if it's a true attack vector.
I write as a person who has authored firmware for an entire line of fingerprint reader access control/time and attendance appliances. I promise I am not inventing theory here. The weakness is not in fingerprint security, the weakness is in the inappropriateness of the application and should be readily apparent at the abstract level without a documented hacking method (i.e. when it's too late).
DETERMINISTIC ALGORITHM. Please look this up in Wikipedia. It has nothing to do with whether fingerprint algorithms are/aren't mathematic, or whether they're based on vectors versus raster imaging. Encryption algorithms require an exact key to decrypt data. A key is a BIG NUMBER, certainly no smaller than 128 bits.
All fingerprint readers today essentially learn fingerprints by remembering as many landmarks as possible on a fingerprint, and then expecting to find a statistically significant resemblance with an image acquired later. It's as much art as science. They do not produce predictable KEYS, they simply save landmarks as a "template file" during enrollment for future use. Even the same finger enrolled twice will produce non-identical template files. And while vector processing is crucial, they are always ultimately derived from raster images of a fingerprint.
Unless there is an algorithm that deterministically generates a key (A BIG NUMBER) from a fingerprint, and can be depended upon to generate that exact same BIG NUMBER most every time from the same fingerprint with no variation and with reference to no prior knowledge, then any security solution must depend on that BIG NUMBER being stored elsewhere, i.e. the hard drive, where somebody can get it.
The idea of deterministically generating keys from a fingerprint is not impossible in theory, but in the current state of the art, certainly well beyond the grasp of the bottom-of-the-barrel (entry-level) fingerprint sensor that would be found in a laptop. It would be fraught with problems of its own (e.g. does the "big number" change if you cut your finger and again as it heals?) Any product that truly offers that capability would certainly be accompanied by plenty of marketing noise.
I know what deterministic means.
So what you're saying is that you're an industry insider who knows that there's a huge security flaw in the product your company sells, and you're hoping nobody discovers it till after it's been fixed by some quantum breakthrough in the field, and we should take your word for this?
Nothing you wrote is new or unknown, except the claim that it is completely and utterly insecure, does nothing whatsoever for system security, and the product you work on is a complete sham. Which is essentially what you are claiming. Is that correct?
Or is the product secure and what you wrote is misleading?
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
November 9, 2010 at 3:51 pm
I know what deterministic means.
So what you're saying is that you're an industry insider who knows that there's a huge security flaw in the product your company sells, and you're hoping nobody discovers it till after it's been fixed by some quantum breakthrough in the field, and we should take your word for this?
Nothing you wrote is new or unknown, except the claim that it is completely and utterly insecure, does nothing whatsoever for system security, and the product you work on is a complete sham. Which is essentially what you are claiming. Is that correct?
Or is the product secure and what you wrote is misleading?
The product my company sells isn't an encryption product, so the flaw I have described wouldn't apply to it. It doesn't contain any sensitive data that must be protected from disclosure if stolen. On the other hand, your laptop, or the laptops of the clients relying on you for security advice, may vary in this respect. That's the whole point of encryption.
November 9, 2010 at 4:11 pm
Mike Caldwell (11/9/2010)
I know what deterministic means.
So what you're saying is that you're an industry insider who knows that there's a huge security flaw in the product your company sells, and you're hoping nobody discovers it till after it's been fixed by some quantum breakthrough in the field, and we should take your word for this?
Nothing you wrote is new or unknown, except the claim that it is completely and utterly insecure, does nothing whatsoever for system security, and the product you work on is a complete sham. Which is essentially what you are claiming. Is that correct?
Or is the product secure and what you wrote is misleading?
The product my company sells isn't an encryption product, so the flaw I have described wouldn't apply to it. It doesn't contain any sensitive data that must be protected from disclosure if stolen. On the other hand, your laptop, or the laptops of the clients relying on you for security advice, may vary in this respect. That's the whole point of encryption.
Now I'm really confused. You're stating that your fingerprint product isn't suitable for security, except where the data it's protecting doesn't matter?
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
November 9, 2010 at 4:37 pm
GSquared (11/9/2010)
Mike Caldwell (11/9/2010)
I know what deterministic means.
So what you're saying is that you're an industry insider who knows that there's a huge security flaw in the product your company sells, and you're hoping nobody discovers it till after it's been fixed by some quantum breakthrough in the field, and we should take your word for this?
Nothing you wrote is new or unknown, except the claim that it is completely and utterly insecure, does nothing whatsoever for system security, and the product you work on is a complete sham. Which is essentially what you are claiming. Is that correct?
Or is the product secure and what you wrote is misleading?
The product my company sells isn't an encryption product, so the flaw I have described wouldn't apply to it. It doesn't contain any sensitive data that must be protected from disclosure if stolen. On the other hand, your laptop, or the laptops of the clients relying on you for security advice, may vary in this respect. That's the whole point of encryption.
Now I'm really confused. You're stating that your fingerprint product isn't suitable for security, except where the data it's protecting doesn't matter?
I think what he's saying is that his product is an "access control" product, not a "be all & end all" product to secure a computer system. I believe the OP was saying that a fingerprint reader on a laptop will not secure the data as well as encryption would - at least, that's the gist that I got.
November 9, 2010 at 4:46 pm
niall.baird wrote:
I think what [Mike Caldwell] is saying is that his product is an "access control" product, not a "be all & end all" product to secure a computer system.
The physical access to our company's entire data centre will soon be controlled by a biometric system. Curious that we should be willing to trust physical access to biometrics, but not data access.
November 9, 2010 at 5:02 pm
Now I'm really confused. You're stating that your fingerprint product isn't suitable for security, except where the data it's protecting doesn't matter?
It's a time clock. People punch in for work with it. The fingerprint check is so Jim doesn't punch in for Jack. For that purpose, a fingerprint check hits the spot. If a rogue nation state or a corporate competitor were to get a hold of it and rip it apart and analyze it, then yes, it's "insecure", in the sense that they'd probably be able to fake a punch for Jack into work while he sleeps hung over.
The purpose of encryption is to protect data from disclosure, that's why it was invented. Some people carry secrets on their laptops. Some secrets are source code to their company's flagship products. Some secrets are military in nature, the plans for the next fighter jet. Sometimes data is other people's SSN's or financial or medical records subject to HIPAA etc... Some secrets are their personal cache of child porn. Using encryption implies keeping the data secret probably matters to whoever owns it. Someone who adds one-swipe fingerprint access just gave an attacker their best shot at defeating the encryption all in a single swoop, that's my point in a nutshell.
Viewing 15 posts - 31 through 45 (of 56 total)
You must be logged in to reply to this topic. Login to reply