Wednesday, April 23, 2008
Privacy in the 21st Century
How do we best define "privacy" in the 21st century? Certainly, "anonymity" would not be the likely answer, especially for today's society in the United States. Anonymity has been difficult to achieve for some time in our country, at least dating back to the issuance of Social Security numbers. So what is an appropriate definition for today's paradigm? One can posit that privacy today is the binding of a true and accurate identity to its claimant, such that the identity cannot be stolen, reproduced, or altered in any way. Perhaps most importantly to those who hold their privacy rights as sacred, the lack of ubiquity of reference data across domains might very well be defined as the underpinning of 21st century privacy. What is meant by this? If an individual provides a rendering of his or her identity in digital form (i.e. biometrics), let's say to a retailer, he or she would have the presumption in a society such as ours that the digital identity would not be shared, or inadvertently released, to another and separate database that might make disadvantageous use of that identity (such as a criminal database). In other words, containment of digital identities within a single domain ensures that individuals' identities do not become overly accessible to parties who have an alternative intent for using those identities. Furthermore, digital identity renderings that are in uncommon formats or modalities reduce the likelihood that an errant release of the digital identity can lead to any significant harm. An example of this would be the disparate effect of a person's fingerprints being accidentally lost or shared, versus a template of the vein pattern in his hand or finger.
Tuesday, April 22, 2008
Biometrics in the Private Sector
It remains to be seen just how much the private sector will embrace biometrics. Certain isolated implementations notwithstanding, to date, this technology has been largely underutilized by industries such as finance, retail, health care, and others. It is likely a matter of time before each of these sectors recognizes the benefits that biometric technology and overall robust identity management programs can bring to their business operations. Unfortunately, the impetus for such a transition may very well be precipitated by a significant breach of current non-digital identity management protocols. Biometrics currently offers the best, albeit not perfect, option for "fixing" an individual's identity and subsequently vetting that individual with a high degree of confidence. Combined with traditional approaches such as PINs, access cards or tokens, and other identification documentation, biometrics can reduce the likelihood that an organization will experience a breach in its identity management protocols.
Friday, April 11, 2008
On-card Fingerprint Match Is Secure, Speedy
ScienceDaily (Apr. 3, 2008) — A fingerprint identification technology for use in Personal Identification Verification (PIV) cards that offers improved protection from identity theft meets the standardized accuracy criteria for federal identification cards according to researchers at the National Institute of Standards and Technology (NIST).
Under Homeland Security Presidential Directive 12 (HSPD 12), by this fall most federal employees and contractors will be using federally approved PIV cards to "authenticate" their identity when seeking entrance to federal facilities. In 2006 NIST published a standard* for the new credentials that specifies that the cards store a digital representation of key features or "minutiae" of the bearer's fingerprints for biometric identification.
Under the current standard, a user seeking to enter a biometrically controlled access point would insert his or her PIV smart card into a slot--just like using an ATM card--and place their fingers on a fingerprint scanner. Authentication proceeds in two steps: the cardholder enters a personal identification number to allow the fingerprint minutiae to be read from the card, and the card reader matches the stored minutiae against the newly scanned image of the cardholder's fingerprints.
In recent tests,** NIST researchers assessed the accuracy and security of two variations on this model that, if accepted for government use, would offered improved features. The first allows the biometric data on the card to travel across a secure wireless interface to eliminate the need to insert the card into a reader. The second uses an alternative authentication technique called "match-on-card" in which biometric data from the fingerprint scanner is sent to the PIV smart card for matching by a processor chip embedded in the card. The stored minutiae data never leave the card. The advantage of this, as computer scientist Patrick Grother explains, is that "if your card is lost and then found in the street, your fingerprint template cannot be copied."
The NIST tests addressed two outstanding questions associated with match-on-cards. The first was whether the smart cards' electronic "keys" can keep the wireless data transmissions between the fingerprint reader and the cards secure and execute the match operation all within a time budget of 2.5 seconds. The second question was whether the "match-on-card" operation will produce as few false acceptance and false rejection decisions as traditional match-off-card schemes where more computational power is available.
The researchers found that 10 cards with a standard 128-byte-long key and seven cards that use a more secure 256-byte key passed the security and timing test using wireless. On the accuracy side, one team met the criteria set by NIST and two others missed narrowly. The computer scientists plan a new round of tests soon to allow wider participation. For copies of the test report and details of the next test round, see the MINEX (Minutiae Interoperability Exchange Test) Phase II Web pages.
NIST has been at the forefront of security and biometric research and standardization for decades. Prior NIST work, in 2005, quantified the speed versus accuracy tradeoffs associated with storing an individual's fingerprint minutiae rather than the full fingerprint images on PIV cards. These studies were funded by NIST and the Department of Homeland Security's Science and Technology Directorate.
* Federal Information Processing Standard (FIPS) 201-1, Personal Identity Verification (PIV) of Federal Employees and Contractors. March, 2006.
** P. Grother, W. Salamon, C. Watson, M. Indovina and P. Flanagan. MINEX II--Performance of Fingerprint Match-on-Card Algorithms, Phase II Report. NIST Interagency Report 7477, Feb. 29, 2008.
Under Homeland Security Presidential Directive 12 (HSPD 12), by this fall most federal employees and contractors will be using federally approved PIV cards to "authenticate" their identity when seeking entrance to federal facilities. In 2006 NIST published a standard* for the new credentials that specifies that the cards store a digital representation of key features or "minutiae" of the bearer's fingerprints for biometric identification.
Under the current standard, a user seeking to enter a biometrically controlled access point would insert his or her PIV smart card into a slot--just like using an ATM card--and place their fingers on a fingerprint scanner. Authentication proceeds in two steps: the cardholder enters a personal identification number to allow the fingerprint minutiae to be read from the card, and the card reader matches the stored minutiae against the newly scanned image of the cardholder's fingerprints.
In recent tests,** NIST researchers assessed the accuracy and security of two variations on this model that, if accepted for government use, would offered improved features. The first allows the biometric data on the card to travel across a secure wireless interface to eliminate the need to insert the card into a reader. The second uses an alternative authentication technique called "match-on-card" in which biometric data from the fingerprint scanner is sent to the PIV smart card for matching by a processor chip embedded in the card. The stored minutiae data never leave the card. The advantage of this, as computer scientist Patrick Grother explains, is that "if your card is lost and then found in the street, your fingerprint template cannot be copied."
The NIST tests addressed two outstanding questions associated with match-on-cards. The first was whether the smart cards' electronic "keys" can keep the wireless data transmissions between the fingerprint reader and the cards secure and execute the match operation all within a time budget of 2.5 seconds. The second question was whether the "match-on-card" operation will produce as few false acceptance and false rejection decisions as traditional match-off-card schemes where more computational power is available.
The researchers found that 10 cards with a standard 128-byte-long key and seven cards that use a more secure 256-byte key passed the security and timing test using wireless. On the accuracy side, one team met the criteria set by NIST and two others missed narrowly. The computer scientists plan a new round of tests soon to allow wider participation. For copies of the test report and details of the next test round, see the MINEX (Minutiae Interoperability Exchange Test) Phase II Web pages.
NIST has been at the forefront of security and biometric research and standardization for decades. Prior NIST work, in 2005, quantified the speed versus accuracy tradeoffs associated with storing an individual's fingerprint minutiae rather than the full fingerprint images on PIV cards. These studies were funded by NIST and the Department of Homeland Security's Science and Technology Directorate.
* Federal Information Processing Standard (FIPS) 201-1, Personal Identity Verification (PIV) of Federal Employees and Contractors. March, 2006.
** P. Grother, W. Salamon, C. Watson, M. Indovina and P. Flanagan. MINEX II--Performance of Fingerprint Match-on-Card Algorithms, Phase II Report. NIST Interagency Report 7477, Feb. 29, 2008.
Monday, April 7, 2008
The Right Balance
Optimal biometric implementations manage to strike an ideal balance of security, convenience, and privacy. The privacy attribute is particularly crucial for private sector implementations, which rely on customer confidence in using a biometric system. Studies have shown that once this trust is established, consumers will adapt quickly and prefer using the biometric system (as opposed to traditional identification methods). In addition, use of biometric systems in retail has shown increases in sales, most likely due to reduction in transaction processing time. In many ways, these results lead back to the ability of the implementer to uphold privacy rights and gain consumer trust.
Saturday, April 5, 2008
Trust Is Good, Biometrics Are Better
By Mandy Kühn, journalist in Munich, Germany
With a staff of 3,000, Susquehanna Health, based in Williamsport, Pennsylvania, is the region’s largest employer. There are three hospitals in the network, treating 14,000 inpatients and 500,000 outpatients a year. Especially in times when costs and compliance pressure are increasing the Health complex is always looking for innovations. The introduction of biometric access, for example, allows the health center not only to manage patient data more securely but also to save administrative costs and free up more time for patients.
As elsewhere in the USA, patient and data protection plays a central role at Susquehanna Health. Patient data in the USA has to be handled in accordance with comprehensive statutory compliance regulations. The most important of these is the Health Insurance Portability and Accountability Act (HIPAA), the aim of which is to standardize and simplify electronic data transfer in healthcare and ensure a high level of data security. To ensure data protection and privacy, anyone using medical or patient data is legally required to authenticate themselves. In order to comply with these guidelines with a minimum of effort, Susquehanna Health has been using biometrics since October 2002.
Biometric IT access ensures compliance and convenience
Susquehanna Health IT administrator Tim Schoener associates two things, above all, with this identification technology: “compliance and convenience – making it easy to comply with the rules is what makes biometrics so special.” In an initial test phase, 250 doctors and IT staff used their fingerprints to gain access to the IT system. Just under two years later, the user group was extended to all hospital and administrative staff. The main reason for this step was the implementation of a new release of a medical information system in 2004. The solution chosen in order to coordinate hospital processes across the different hospitals, support the workflow and offer comprehensive access to relevant information was Soarian from Siemens Medical Solutions USA, Inc. According to Schoener, the decision in favor of Siemens owed much to a partnership stretching back many years: “We have been working with Siemens for 35 years, and throughout that time our experiences have been nothing but good. Thanks to this partnership, we were very closely involved in the development of Soarian. That was enormously important to us – after all, getting a technology that will be able to meet our future demands is one of our top priorities.”
Because the new IT system allowed all hospital data to be viewed and edited from any authorized workstation, a reliable and secure means of identifying personnel was absolutely essential. Until that point, most staff had been using a user name and password to access the system in the usual way. But in the hustle and bustle of a working day, medical staff often found the procedure too time-consuming. In addition, the passwords had to be changed every 90 days for security reasons. In order to protect sensitive data adequately while minimizing the efforts required of staff, Siemens added biometric IT access control to the Soarian system.
The hospital benefited from synergies within the Siemens group when Siemens Healthcare brought specialists from Siemens IT Solutions and Services on board to integrate the biometric ID center solution. The IT service provider equipped around 1,200 workstations with ID mice, around 300 mobile tablet PCs with fingerprint sensors and installed a biometric authentication system. This saves the encrypted biometric profiles of the staff in a secure central database and compares them with the fingerprints scanned by the ID mouse. Any changes a user makes in the system can be traced without problems, and it is easy to find out who made them. “This traceability allows us to meet requirements in terms of compliance and data security with ease. Moreover, our staff now take more care to protect their workstations when they leave them for a short time,” says Schoener.
A further benefit, which improves data protection and security enormously, is that it is easy to set up different access levels for financial, administrative and medical staff, for example. Depending on their authorization, users are given access to applications on their desktops. These range from applications for admitting patients to clinical programs, hospital reports, care plans and the distribution of medications.
Expansion of the system to cope with growing demands
Following an implementation period of around two months, biometric recognition for the first 300 members of staff went off smoothly, starting in October 2002. It was therefore planned to extend the solution to all 3,000 members of staff at the end of 2003. At this point, the Siemens experts were confronted with a particular challenge. The original ID Center solution was designed for a maximum of 1,000 users. With three times that number of users, the system's response times for fingerprint recognition became unsatisfactory.
The team from Siemens IT Solutions and Services worked under great pressure for three months to improve the system’s performance. Gerd Hribernig head of the Biometrics Center of Siemens IT Solutions and Services in Graz, recalls: “Instead of using new, more powerful but more expensive servers, we thoroughly revised the search strategies in the algorithms. Very satisfactory results were obtained with this new software. Although this delayed the rollout by around three months, it meant that Siemens had a unique biometric solution on the market with the new feature 'Fast Identify'”. Today, the system provides identification rates in a matter of seconds.
Widespread acceptance thanks to training and security
If you ask IT manager Schoener whether the biometric solution has been well received by hospital staff, he laughs and exclaims simply: “They love it!” But it wasn’t always like that, not for everyone and not right from the start at any rate. When the solution was introduced, some staff were concerned that images of their fingerprints would be stored in databases or that the technical complexity and thus the effort required by the identification process could increase. But the doubts turned out to be unfounded: “After detailed training and instruction about the system, we were quickly able to dispel the concerns of our staff. It soon became clear that the biometric system does not interfere with individuals’ rights and makes things much simpler for people,” says Schoener.
There is also no doubt that introduction of the new system was made easier by the fact that its use was voluntary. Skeptical staff always had the alternative of continuing to log in with their user name and password. It speaks volumes for the biometric solution that after just a few short months over 95 percent of staff were using it to log in: “Practical experience has repeatedly shown that even skeptics switch to biometrics very quickly on grounds of convenience alone,” reports Hribernig.
Nevertheless, the German IT service provider wanted to leave nothing to chance in terms of data protection. The data of all three hospitals is stored on a central database server in the form of biometric templates. These attribute records are encrypted point clouds that allow the differences between fingerprints to be revealed, but not the attributes themselves. This data cannot be used forensically, for example. In addition, the key used to decrypt the data is stored locally with the user and thus cannot be misused by a third party. "Communicating this effectively to customers and their staff is perhaps one of the most important tasks in a project like this," asserts Hribernig. "The success of the project depends on whether or not staff accept it."
The biometric future at Susquehanna Health Center
Still in this year, it is expected that staff at Susquehanna Health will be working with ID Center Version 4.0. The most important innovation will be the extension of fingerprint recognition with palm vein recognition. This new technology scans the vein pattern under the palm, which is unique in each person. A contactless infrared scanner scans the palm of the hand at a distance of a few centimeters in a matter of seconds. The vein pattern scanned is compared with the vein pattern image stored for that person. Since the veins are under the skin, it is particularly difficult to fool the system. Schoener is excited about this new technology: “Fingerprint recognition doesn’t work with staff who have suffered bad injuries to their fingertips, so they still have to use passwords. With the planned vein scanners, they too will soon be able to get the benefits of biometrics.”
The hospitals are also planning to extend the fields of application of biometrics. A new patient building with a physical building admission control system is planned in the next few years. Patients, too, will benefit from the technology in the long term. There are a whole range of possibilities, explains the IT administrator: “If patients could register and identify themselves biometrically, that would bring great benefits in terms of convenience. Registration procedures would be accelerated, while mistaken identity and misuse of insurance cards would be eliminated.” (Photo source - Mandy Kühn)
With a staff of 3,000, Susquehanna Health, based in Williamsport, Pennsylvania, is the region’s largest employer. There are three hospitals in the network, treating 14,000 inpatients and 500,000 outpatients a year. Especially in times when costs and compliance pressure are increasing the Health complex is always looking for innovations. The introduction of biometric access, for example, allows the health center not only to manage patient data more securely but also to save administrative costs and free up more time for patients.
As elsewhere in the USA, patient and data protection plays a central role at Susquehanna Health. Patient data in the USA has to be handled in accordance with comprehensive statutory compliance regulations. The most important of these is the Health Insurance Portability and Accountability Act (HIPAA), the aim of which is to standardize and simplify electronic data transfer in healthcare and ensure a high level of data security. To ensure data protection and privacy, anyone using medical or patient data is legally required to authenticate themselves. In order to comply with these guidelines with a minimum of effort, Susquehanna Health has been using biometrics since October 2002.
Biometric IT access ensures compliance and convenience
Susquehanna Health IT administrator Tim Schoener associates two things, above all, with this identification technology: “compliance and convenience – making it easy to comply with the rules is what makes biometrics so special.” In an initial test phase, 250 doctors and IT staff used their fingerprints to gain access to the IT system. Just under two years later, the user group was extended to all hospital and administrative staff. The main reason for this step was the implementation of a new release of a medical information system in 2004. The solution chosen in order to coordinate hospital processes across the different hospitals, support the workflow and offer comprehensive access to relevant information was Soarian from Siemens Medical Solutions USA, Inc. According to Schoener, the decision in favor of Siemens owed much to a partnership stretching back many years: “We have been working with Siemens for 35 years, and throughout that time our experiences have been nothing but good. Thanks to this partnership, we were very closely involved in the development of Soarian. That was enormously important to us – after all, getting a technology that will be able to meet our future demands is one of our top priorities.”
Because the new IT system allowed all hospital data to be viewed and edited from any authorized workstation, a reliable and secure means of identifying personnel was absolutely essential. Until that point, most staff had been using a user name and password to access the system in the usual way. But in the hustle and bustle of a working day, medical staff often found the procedure too time-consuming. In addition, the passwords had to be changed every 90 days for security reasons. In order to protect sensitive data adequately while minimizing the efforts required of staff, Siemens added biometric IT access control to the Soarian system.
The hospital benefited from synergies within the Siemens group when Siemens Healthcare brought specialists from Siemens IT Solutions and Services on board to integrate the biometric ID center solution. The IT service provider equipped around 1,200 workstations with ID mice, around 300 mobile tablet PCs with fingerprint sensors and installed a biometric authentication system. This saves the encrypted biometric profiles of the staff in a secure central database and compares them with the fingerprints scanned by the ID mouse. Any changes a user makes in the system can be traced without problems, and it is easy to find out who made them. “This traceability allows us to meet requirements in terms of compliance and data security with ease. Moreover, our staff now take more care to protect their workstations when they leave them for a short time,” says Schoener.
A further benefit, which improves data protection and security enormously, is that it is easy to set up different access levels for financial, administrative and medical staff, for example. Depending on their authorization, users are given access to applications on their desktops. These range from applications for admitting patients to clinical programs, hospital reports, care plans and the distribution of medications.
Expansion of the system to cope with growing demands
Following an implementation period of around two months, biometric recognition for the first 300 members of staff went off smoothly, starting in October 2002. It was therefore planned to extend the solution to all 3,000 members of staff at the end of 2003. At this point, the Siemens experts were confronted with a particular challenge. The original ID Center solution was designed for a maximum of 1,000 users. With three times that number of users, the system's response times for fingerprint recognition became unsatisfactory.
The team from Siemens IT Solutions and Services worked under great pressure for three months to improve the system’s performance. Gerd Hribernig head of the Biometrics Center of Siemens IT Solutions and Services in Graz, recalls: “Instead of using new, more powerful but more expensive servers, we thoroughly revised the search strategies in the algorithms. Very satisfactory results were obtained with this new software. Although this delayed the rollout by around three months, it meant that Siemens had a unique biometric solution on the market with the new feature 'Fast Identify'”. Today, the system provides identification rates in a matter of seconds.
Widespread acceptance thanks to training and security
If you ask IT manager Schoener whether the biometric solution has been well received by hospital staff, he laughs and exclaims simply: “They love it!” But it wasn’t always like that, not for everyone and not right from the start at any rate. When the solution was introduced, some staff were concerned that images of their fingerprints would be stored in databases or that the technical complexity and thus the effort required by the identification process could increase. But the doubts turned out to be unfounded: “After detailed training and instruction about the system, we were quickly able to dispel the concerns of our staff. It soon became clear that the biometric system does not interfere with individuals’ rights and makes things much simpler for people,” says Schoener.
There is also no doubt that introduction of the new system was made easier by the fact that its use was voluntary. Skeptical staff always had the alternative of continuing to log in with their user name and password. It speaks volumes for the biometric solution that after just a few short months over 95 percent of staff were using it to log in: “Practical experience has repeatedly shown that even skeptics switch to biometrics very quickly on grounds of convenience alone,” reports Hribernig.
Nevertheless, the German IT service provider wanted to leave nothing to chance in terms of data protection. The data of all three hospitals is stored on a central database server in the form of biometric templates. These attribute records are encrypted point clouds that allow the differences between fingerprints to be revealed, but not the attributes themselves. This data cannot be used forensically, for example. In addition, the key used to decrypt the data is stored locally with the user and thus cannot be misused by a third party. "Communicating this effectively to customers and their staff is perhaps one of the most important tasks in a project like this," asserts Hribernig. "The success of the project depends on whether or not staff accept it."
The biometric future at Susquehanna Health Center
Still in this year, it is expected that staff at Susquehanna Health will be working with ID Center Version 4.0. The most important innovation will be the extension of fingerprint recognition with palm vein recognition. This new technology scans the vein pattern under the palm, which is unique in each person. A contactless infrared scanner scans the palm of the hand at a distance of a few centimeters in a matter of seconds. The vein pattern scanned is compared with the vein pattern image stored for that person. Since the veins are under the skin, it is particularly difficult to fool the system. Schoener is excited about this new technology: “Fingerprint recognition doesn’t work with staff who have suffered bad injuries to their fingertips, so they still have to use passwords. With the planned vein scanners, they too will soon be able to get the benefits of biometrics.”
The hospitals are also planning to extend the fields of application of biometrics. A new patient building with a physical building admission control system is planned in the next few years. Patients, too, will benefit from the technology in the long term. There are a whole range of possibilities, explains the IT administrator: “If patients could register and identify themselves biometrically, that would bring great benefits in terms of convenience. Registration procedures would be accelerated, while mistaken identity and misuse of insurance cards would be eliminated.” (Photo source - Mandy Kühn)
Tuesday, April 1, 2008
"Biologger" Steals Fingerprint, Other Biometric Data
MARCH 31, 2008 5:00 PM
By Kelly Jackson Higgins
Senior Editor, Dark Reading
If you think biometric scans are necessarily secure, think again: A European researcher has built a biometric keylogger that can capture fingerprint or other scans.
The so-called Biologger intercepts biometric data sent between a biometric scanner and its processing server, says Matt Lewis, a researcher with Information Risk Management, who demonstrated the tool and released proof-of-concept source code for it last week at Black Hat Europe in Amsterdam.
"It is the biometric equivalent of a traditional keylogger," Lewis says. Biologger easily captures the biometric traffic, which then can be taken offline for the attacker to analyze and to find ways to subvert the biometric system, he says, adding that an attacker could use that information to recreate a user's raw biometric image.
The attacker then could use that biometric to stage a spoofing attack, or to open a locked door, for instance, he says. "For example, if the system is a physical access control solution, then it may be possible to replay control signals that open locked doors, without the requirement for the presence of a valid biometric."
Lewis says an attacker could configure Biologger in several ways -- for sniffing biometric devices in a domain; as an inline wire tap or proxy device; for ARP poisoning; and as a memory-resident keylogger on a host.
But planting Biologger in the victim network isn't so easy: "Biologging as an attack vector is trivial. The difficult part might be getting the Biologger onto a network," he says.
"This could be done through physical means, or if the circumstances permitted, through exploitation of vulnerabilities via the Internet."
So what exactly is Biologger exploiting? The fact that many biometric systems don't encrypt biometric data during the authentication process, according to Lewis. "Strong encryption of all biometric-related data during all transactions is the best way to defend against the attacks described in my paper," he says. "This includes encryption over the network, and when storing biometric data in back-end databases."
Lewis says biometrics isn't about security: "Biometrics can work incredibly well under the right circumstances. It is just important that proper security controls are placed around biometric systems, as the biometric component alone cannot be relied upon for security."
Biologger is also aimed at building a penetration testing tool for biometric systems, he says -- capturing the traffic would be the core component of such a test.
Lewis says the Biologger source code he released is merely a POC of a proxy that captures data. "The aim of the POC was to highlight the simplicity of biologging, and how strong encryption would go a long way in protecting against the types of attacks that can be executed as a result of intercepted and unencrypted biometric data."
By Kelly Jackson Higgins
Senior Editor, Dark Reading
If you think biometric scans are necessarily secure, think again: A European researcher has built a biometric keylogger that can capture fingerprint or other scans.
The so-called Biologger intercepts biometric data sent between a biometric scanner and its processing server, says Matt Lewis, a researcher with Information Risk Management, who demonstrated the tool and released proof-of-concept source code for it last week at Black Hat Europe in Amsterdam.
"It is the biometric equivalent of a traditional keylogger," Lewis says. Biologger easily captures the biometric traffic, which then can be taken offline for the attacker to analyze and to find ways to subvert the biometric system, he says, adding that an attacker could use that information to recreate a user's raw biometric image.
The attacker then could use that biometric to stage a spoofing attack, or to open a locked door, for instance, he says. "For example, if the system is a physical access control solution, then it may be possible to replay control signals that open locked doors, without the requirement for the presence of a valid biometric."
Lewis says an attacker could configure Biologger in several ways -- for sniffing biometric devices in a domain; as an inline wire tap or proxy device; for ARP poisoning; and as a memory-resident keylogger on a host.
But planting Biologger in the victim network isn't so easy: "Biologging as an attack vector is trivial. The difficult part might be getting the Biologger onto a network," he says.
"This could be done through physical means, or if the circumstances permitted, through exploitation of vulnerabilities via the Internet."
So what exactly is Biologger exploiting? The fact that many biometric systems don't encrypt biometric data during the authentication process, according to Lewis. "Strong encryption of all biometric-related data during all transactions is the best way to defend against the attacks described in my paper," he says. "This includes encryption over the network, and when storing biometric data in back-end databases."
Lewis says biometrics isn't about security: "Biometrics can work incredibly well under the right circumstances. It is just important that proper security controls are placed around biometric systems, as the biometric component alone cannot be relied upon for security."
Biologger is also aimed at building a penetration testing tool for biometric systems, he says -- capturing the traffic would be the core component of such a test.
Lewis says the Biologger source code he released is merely a POC of a proxy that captures data. "The aim of the POC was to highlight the simplicity of biologging, and how strong encryption would go a long way in protecting against the types of attacks that can be executed as a result of intercepted and unencrypted biometric data."
Subscribe to:
Posts (Atom)