Re: [Speechsc] stealing biometric tokens

William Meisel <wmeisel@tmaa.com> Mon, 21 July 2008 11:39 UTC

Date: Sat, 19 Jul 2008 10:52:18 -0700
From: William Meisel <wmeisel@tmaa.com>
To: Judith Markowitz <judith@jmarkowitz.com>, 'Eric Burger' <eburger@standardstrack.com>, speechsc@ietf.org
Subject: Re: [Speechsc] stealing biometric tokens

Hi, Judith.

I agree that ideally the solution is to provide adequate security for any
authentication data, and I hope solutions that ensure every company does so
are eventually adopted.

The cited article really addresses a different subject. It says that
biometric identification, when stolen, is worse than having a PIN stolen
because a PIN can be changed, but a fingerprint can't (or a voice can't).
The article even talks about enrolling a different finger.

I think the basic assumption of the article is flawed. It assumes that one
can steal the stored biometric identifier and use that to authenticate
oneself as another. If the company stores the original image of a
fingerprint or the original recording of a voice, then I guess (with some
effort), the voice or fingerprint could be recreated. However, with speaker
verification and with fingerprints (in fact, with every pattern recognition
application I've been involved with since I wrote a book on it in 1972), the
process of storing "features" of the voice or fingerprint or any other
pattern is highly lossy and can't be reversed, in part because one wants to
identify the pattern in the presence of a lot of variation and thus capture
only largely invariant features. When challenged on the telephone to say a
password, having the features stored by the speaker verification system
wouldn't do one any good.

I hate to have government agencies and companies left with the
misimpression that storing biometric data is somehow more dangerous (and
possibly creates more liability) than storing PINs.

-- Bill 

Bill Meisel
President, TMA Associates
Publisher & Editor, Speech Strategy News
(818)708-0962
www.tmaa.com
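Bill's point that a stored feature template is lossy and amplitude-invariant, as an added toy illustration that is not part of the thread: a hypothetical band-energy extractor stands in for a real speaker-verification front end, and a brute-force count shows how many distinct raw signals collapse to one template (constructed sample signals).

```python
"""Toy model of a lossy biometric template (constructed example).

extract_template keeps only coarse, amplitude-normalised band energies, so
scaling or lightly perturbing a signal leaves the template unchanged, and
many different raw signals share one template (it cannot be inverted)."""
from itertools import product
from typing import Sequence, Tuple

Template = Tuple[int, ...]


def extract_template(signal: Sequence[float], bands: int = 3, levels: int = 4) -> Template:
    """Split the signal into `bands` segments, take each band's share of total
    energy (invariant to overall amplitude) and quantise it into `levels` bins.
    Hypothetical feature extractor, not any real product's algorithm."""
    step = len(signal) // bands
    energies = [sum(x * x for x in signal[i * step:(i + 1) * step]) for i in range(bands)]
    total = sum(energies) or 1.0  # a silent signal maps to the all-zero template
    return tuple(min(levels - 1, int(levels * e / total)) for e in energies)


def verify(stored: Template, probe: Template, max_bin_distance: int = 1) -> bool:
    """Accept when every band's bin lies within tolerance of the enrolled one;
    the tolerance is what lets normal voice variation still match."""
    return all(abs(a - b) <= max_bin_distance for a, b in zip(stored, probe))


def count_preimages(template: Template, alphabet=(0, 1, 2), length: int = 6) -> int:
    """Brute-force how many raw signals over a tiny sample alphabet yield
    `template`; any count above 1 means the template cannot be inverted."""
    return sum(1 for s in product(alphabet, repeat=length) if extract_template(s) == template)


if __name__ == "__main__":
    enrolled = extract_template([1, 2, 3, 0, 0, 1, 0, 1, 1])      # constructed "voice"
    louder = extract_template([2, 4, 6, 0, 0, 2, 0, 2, 2])        # same voice, twice as loud
    noisy = extract_template([1, 2, 3, 0, 1, 1, 0, 1, 1])         # one sample perturbed
    print("enrolled template:", enrolled)
    print("louder matches:", verify(enrolled, louder), "noisy matches:", verify(enrolled, noisy))
    print("raw signals sharing this template:", count_preimages(enrolled))
```

A real template holds far more features than three bins, but the same property holds: the stored features are chosen to survive variation, so they discard most of the raw signal.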




> From: Judith Markowitz <judith@jmarkowitz.com>
> Date: Sat, 19 Jul 2008 11:52:12 -0500
> To: William Meisel <wmeisel@tmaa.com>, 'Eric Burger'
> <eburger@standardstrack.com>, <speechsc@ietf.org>
> Subject: RE: [Speechsc] stealing biometric tokens
> 
> Hi Bill, 
> The attached article presents the picture in about as simplistic and naïve a
> way as possible. Consequently, it leads the reader to false conclusions.
> 
> Biometrics can be faked (called "spoofing") but it is generally not a
> trivial process and, in most cases, it is done with the raw biometric data.
> That is, fingerprint or face (etc.) images and voice recordings. It is much
> harder to re-engineer a biometric model/template, although that is not
> impossible. 
> 
> There are a number of ways to capture raw biometrics. The best way is to
> hack a database that stores them. Other methods involve capture at the
> sensor and on the transmission channel.
> 
> If you look at these approaches to capturing biometrics you can easily see a
> theme: security. You also see that the security that is needed (and too
> often missing) has nothing really to do with biometrics itself. It is the
> same kind of security that is missing for PIN and password systems. So, it
> doesn't really help much to have multi-factor authentication if all of them
> are captured in transit or stolen from a hacked database.
> 
> In short, if government and private industry would take the time and spend
> the money to secure their networks, databases, and other systems, many of
> these threats would be eliminated. That's why the data interchange format
> that I'm working on with the American National Standards Institute includes
> encryption and supports other security.
> 
> Judith Markowitz
> 
> -----Original Message-----
> From: speechsc-bounces@ietf.org [mailto:speechsc-bounces@ietf.org] On Behalf
> Of William Meisel
> Sent: Thursday, July 17, 2008 10:15 PM
> To: Eric Burger; speechsc@ietf.org
> Subject: Re: [Speechsc] Just to see if anyone is still out there
> 
> Am I missing something, or does the linked article (and the referenced
> professor) simply misunderstand biometric id? Having the biometric token (a
> fingerprint is the example) should neither allow the thief to recreate the
> fingerprint (assuming it is features of the fingerprint that are
> encoded--hopefully without announcing what each feature is) nor allow the
> thief to access the system, since they would need to have the finger (not
> the token) to do so. It would not be necessary for the individual to
> reenroll a new finger.
> 
> The same is true of speaker authentication.
> 
> -- Bill 
> 
> Bill Meisel
> President, TMA Associates
> Publisher & Editor, Speech Strategy News
> (818)708-0962
> www.tmaa.com
> 
> 
> 
> 
>> From: Eric Burger <eburger@standardstrack.com>
>> Date: Thu, 17 Jul 2008 08:07:08 -0400
>> To: <speechsc@ietf.org>
>> Subject: [Speechsc] Just to see if anyone is still out there
>> 
>> For the folks who care about biometrics:
>> 
>> http://www.networkworld.com/newsletters/sec/2008/071408sec1.html?nlhtsecstrat=ts_071508&nladname=071508securitystrategiesal
>> _______________________________________________
>> Speechsc mailing list
>> Speechsc@ietf.org
>> https://www.ietf.org/mailman/listinfo/speechsc
>> Supplemental web site:
>> <http://www.standardstrack.com/ietf/speechsc>
> 
> 
> 
> 

