Joshua Gans on Apple Pay

He writes,

This is why I think the resolution for the identification challenge is more significant. Last year, with the iPhone 5s, Apple finally got fingerprint recognition right. Last week I actually had to use an iPhone 5c for a few days without Touch ID and I couldn’t believe how much I had learned to rely on it. It really does work and you really do use it and it really is less hassle than a PIN or even swiping to unlock the phone. But the security issues were not paramount but a fortunate side product.

Now they are paramount and what is more Touch ID solves the identification problem. It is really hard for criminals to spoof it or steal your identity using it. They would literally have to hold a gun to your head or take a hostage and, frankly, at that point, they are better off just robbing merchants directly.

U.S. credit cards are quite insecure. Biometric ID would seem to me to be a big improvement. Financial intermediaries will still have to put in back-up security measures, so that somebody who figures out how to copy your fingerprint is not able to make unlimited purchases. But I see phone-based payment technology as leapfrogging the current European model of more-secure credit cards.

Incidentally, I want an i-Watch, as long as it can use Google Maps as input. It would make bicycle navigation easier, but not with the crummy default maps app. Since the product won’t be available for a few months, and since it won’t be biking weather for a few months after that, there is time to see how it develops.

10 thoughts on “Joshua Gans on Apple Pay”

  1. I can’t produce any support for this stance at the moment, but I distinctly recall some very convincing critiques of biometric authentication, when we first started seeing finger swipes on laptops and such, around 5 years ago.

    The gist was that biometric devices are inherently susceptible to spoofing. They make a great secondary factor in multi-factor authentication, but should not be used for single factor i.e. as the sole authenticating criterion.

    Obviously technology will improve spoof resistance, but there is an arms (heh!) race to consider. I think the main factor is that fingers and retinas and such can be scanned and sampled in ways that pass phrases and private keys cannot.

  2. The big problem with biometrics is that once the fingerprint database is stolen, which one inevitably will be, you can’t change your fingerprint like you can a PIN or password.

      • This is more than just a problem with someone taking your Words With Friends box.

        This could make it virtually impossible to prove you are you or to prove a criminal (or CIA or NSA rep, but I repeat myself) aren’t you over any computer network.

  3. “The Snob” is right – you can’t change things once the database is stolen….

    In addition: The main assumption of security is that we expect that the process starts with a finger swipe or a retinal scan. The authentication system back on the server doesn’t see this…it sees an encoded set of parameters that were calculated from the swipe/scan. Instead of an actual swipe, a thief could send a pre-generated data file which can spoof an authentication.

    Think about this: while passwords and credit card information can be stored with their MD5SUM code (you don’t store the password, just a number derived from it), a retinal scan generates a slightly different set of parameters each time. There is no encrypting algorithm that you can use to store it with….you end up with very different numbers if you start with slightly different parameters.

    Security is a multi-layered complex field. At the bottom of it all is the fact that a file has to be stored by the system to authenticate you and you can’t guarantee that the file will always be safe.

    • Good points, but it’s not quite so futile, in terms of replay attacks. The scanning device does not necessarily send “some parameters” like a small tuple of scalars to the authenticator. Instead, consider what a finger scanner might send to the authenticator (digitally signed, of course):

      1. An optical image / map
      2. A contact map
      3. A heat map
      4. A conductivity map
      5. Microbial activity delta (relative to before the scan)
      6. Time of scan

      Perhaps 1-10 MB of data in a signed, encrypted transmission to the authenticator. The first four items would be processed and evaluated, looking for natural variability yet conformance to essential matching thresholds. The last two would be strictly for defending against replay attacks.

      Disclaimer: This is pure speculation on my part and not something I’ve put much thought into.

      • Only your device needs to know you are you by knowing the exact fingerprint or retinal structure. Beyond that everyone else just needs to trust your device.

        My problem is I can imagine a finger print being converted to a random string and only transmitted in a form that cannot possibly be reverse engineered. I just don’t trust the security people to care enough.

        • You still have the same problem….at some point a file of “something” is being transmitted. You can steal images as well as data. The server never really knows what generated the incoming bit stream….

          • In my response about plausibly defending replay attacks, above in this thread, the server knows what is sending the bitstream due to the digital signature (and timestamp). The sender is at very least the expected keyholder.
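The replay-attack exchange in this thread (a thief sending a pre-generated data file to the server, the reply proposing a signed and timestamped scan, and the point that a slightly different scan each time cannot be stored as a password-style hash) can be made concrete. The following Python is an added example written for this page; it is not code from the post or from any commenter, and it is not how Touch ID or Apple Pay actually work. It assumes a per-device shared key with HMAC-SHA256 standing in for the digital signature the commenter describes (so it runs with only the standard library), constructed eight-value feature vectors as scanner templates, and a hypothetical tolerance-based matcher; the server rejects bad signatures, stale timestamps and reused nonces before it ever compares biometric data.

```python
import hashlib
import hmac
import json

# Constructed per-device secret (assumption). A real scheme would use a device
# private key and a server-side public key; HMAC stands in for that signature.
DEVICE_KEY = b"constructed-device-key-not-real"

# Constructed templates (assumption): feature vectors a scanner might derive.
# SCAN_A and SCAN_B are two readings of the same finger; SCAN_OTHER is not.
SCAN_A = [112, 87, 203, 45, 160, 99, 18, 230]
SCAN_B = [113, 86, 203, 47, 159, 99, 19, 228]
SCAN_OTHER = [40, 190, 12, 220, 75, 131, 244, 60]


def template_hash(template):
    """Hash the encoded template the way a password would be hashed.
    Two near-identical scans give unrelated digests, so this cannot be the
    stored credential; the server must keep a template and match with tolerance."""
    return hashlib.sha256(bytes(template)).hexdigest()


def templates_match(enrolled, presented, tolerance=3):
    """Hypothetical fuzzy matcher: every feature within `tolerance` of enrolled."""
    return len(enrolled) == len(presented) and all(
        abs(e - p) <= tolerance for e, p in zip(enrolled, presented))


def device_send(template, timestamp, nonce):
    """Device side: the 'bitstream' sent to the server, authenticated as a whole."""
    body = json.dumps({"template": template, "ts": timestamp, "nonce": nonce},
                      sort_keys=True).encode()
    tag = hmac.new(DEVICE_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class AuthServer:
    WINDOW = 30  # seconds of clock skew tolerated before a message is stale

    def __init__(self, enrolled_template):
        self.enrolled = enrolled_template
        self.seen_nonces = set()

    def verify(self, message, now):
        # 1. The tag proves the expected keyholder produced exactly these bytes.
        expected = hmac.new(DEVICE_KEY, message["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return "reject: bad signature"
        payload = json.loads(message["body"])
        # 2. A timestamp outside the window is a captured message replayed later.
        if abs(now - payload["ts"]) > self.WINDOW:
            return "reject: stale timestamp"
        # 3. The same nonce seen twice inside the window is still a replay.
        if payload["nonce"] in self.seen_nonces:
            return "reject: replayed nonce"
        self.seen_nonces.add(payload["nonce"])
        # 4. Only now is the biometric data compared, with tolerance.
        if not templates_match(self.enrolled, payload["template"]):
            return "reject: no match"
        return "accept"


def run_demo():
    """Walk through the thread's scenarios; returns the server's decisions."""
    server = AuthServer(enrolled_template=SCAN_A)
    results = {}
    msg = device_send(SCAN_B, timestamp=1000, nonce="n1")
    results["fresh"] = server.verify(msg, now=1002)
    # Thief captured the bitstream and resends it, soon and much later.
    results["replay_soon"] = server.verify(msg, now=1010)
    results["replay_late"] = server.verify(msg, now=2000)
    # Thief edits the timestamp and nonce to look fresh, but cannot re-sign.
    edited = json.loads(msg["body"])
    edited["ts"], edited["nonce"] = 2000, "n2"
    refreshed = {"body": json.dumps(edited, sort_keys=True).encode(),
                 "tag": msg["tag"]}
    results["edited_replay"] = server.verify(refreshed, now=2000)
    # Honest device, wrong finger: passes every check except the match.
    results["wrong_finger"] = server.verify(device_send(SCAN_OTHER, 2000, "n3"), now=2000)
    # Same finger, slightly different reading: hashes differ, fuzzy match holds.
    results["hash_differs"] = template_hash(SCAN_A) != template_hash(SCAN_B)
    return results


if __name__ == "__main__":
    for scenario, outcome in run_demo().items():
        print(f"{scenario:14} {outcome}")
```

The ordering in `verify` matters: the signature is checked before the body is parsed, so unauthenticated data never reaches the JSON parser or the matcher, and the freshness checks run before the expensive biometric comparison. The residual risk the thread identifies remains: if the device key (or the enrolled template on the server) is stolen, nothing here helps, and the template cannot be rotated the way a password can.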
