Biometrics: The hazards and their mitigation for effective use


With the recent release of Windows 10, and Microsoft supporting Intel’s biometric authentication in the new OS, we should take a moment to think about whether this is a good idea. It's hard to argue with the convenience offered by biometrics. There's also little doubt that they are often going to be more secure than a poorly chosen, re-used, or just plain weak (or default) password. However, they are no silver bullet.

Biometrics have plenty of strengths. They are convenient and are automatically high entropy; they are hard to brute force in untargeted attacks; and, if implemented carefully, they are robust against “pass the hash” style attacks – which allow an attacker to authenticate to a remote server by using the underlying hash instead of a password – effectively preventing remote exploits.

Yet there are also plenty of weaknesses. They can be automatically “re-used” and are kind of hard to change: “your fingerprints/iris images have been stolen, please change them”. They are also fairly easy to copy or spoof – and expect this to get commoditised in the form of a biometrics black market.

Think of it as a bit like card “skimmers” that are inserted into cash points and copy your card, only what they are copying is your biometrics. Alternatively, attackers could lift fingerprints from physical objects or high-resolution photographs, while hacking poorly implemented biometric scanners could also yield this data. A large-scale example of a database of biometric information is US airports capturing all your fingerprints as you enter.

So what is the solution? We have the answer already – in the form of strong asymmetric encryption with the private key held in a hardware security module.

Simply having access to something physically is not sufficient for many use cases, though we rely on it for securing many of our highest-worth assets such as cars and houses. Unlocking the key using a local PIN or biometric is not an unreasonable further precaution – and indeed, I’d like to unlock my car or house that way! If a biometric is used for this, anyone reasonably motivated with physical access is likely to be able to get in. Though not perfect, it is a huge improvement on what we often have today – but it must be designed with great care and attention to detail.

So the biometric answer you are looking for is:

  • The key is protected in a hardened crypto-hardware module that does not allow the extraction of the key.
  • Biometrics or a local PIN/passphrase are used locally to unlock a key (implemented in hardware/firmware independent of the OS). A correctly implemented PIN/passphrase is the more secure option in the right hands, although ideally there would be an option for both, potentially context dependent.
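
The design in the two points above, as an added software simulation (not code from the article, Intel or Microsoft): the private key is created inside a module that never returns it, a local PIN or biometric match gates each signature, and the server stores only the public key. The names `Module`, `NewModule`, `Sign` and `Login`, the choice of Ed25519 signatures as the asymmetric scheme, and the three-try lockout are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Module simulates the hardened key store: no method ever returns priv.
type Module struct {
	priv  ed25519.PrivateKey
	pin   []byte
	tries int // unlock attempts left (assumed lockout policy, not from the article)
}

// NewModule creates the key pair inside the module; only the public half leaves.
func NewModule(pin string) (*Module, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Module{priv: priv, pin: []byte(pin), tries: 3}, pub
}

// Sign releases a signature only after a local PIN (or biometric) match.
// The PIN never leaves the device; three misses in a row lock the module.
func (m *Module) Sign(pin string, challenge []byte) []byte {
	if m.tries == 0 {
		return nil // locked out, even for the correct PIN
	}
	if subtle.ConstantTimeCompare(m.pin, []byte(pin)) != 1 {
		m.tries--
		return nil
	}
	m.tries = 3
	return ed25519.Sign(m.priv, challenge)
}

// Login is one exchange: the server issues a fresh nonce and checks the
// signature against the public key, the only credential it stores.
func Login(m *Module, pub ed25519.PublicKey, pin string) bool {
	nonce := make([]byte, 32)
	rand.Read(nonce)
	return ed25519.Verify(pub, nonce, m.Sign(pin, nonce))
}

func main() {
	m, pub := NewModule("4821") // constructed sample PIN
	fmt.Println("right PIN:", Login(m, pub, "4821"), "wrong PIN:", Login(m, pub, "0000"))
}
```

Because the server holds no secret and every login signs a fresh nonce, neither a copied server record nor a captured signature is enough to authenticate later.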

So biometrics are a complementary technology at best, and a placebo at worst. I have a reasonable level of optimism that this solution is what Intel and Microsoft will actually deliver, and I welcome your thoughts and comments.
