
RE: Comments on "Hybrid Auth. mode for IKE"



Greg,

Thanks for bringing up biometrics. I question their place in distributed
system authentication, of the sort we are discussing.  Consider the
following:

	- these schemes tend to create a template of some biometric,
after a registration process in which the user is reliably identified by
some out-of-band means. the template is then stored on some server for
later access. this template cannot be stored in a one-way hashed fashion,
as we would a password, because it must be possible to match the captured
measurements against the template to "score" the auth attempt.  in general,
this means that if one were to break into a server where these templates
are stored, it would be possible to gain access to the plaintext templates.
also note that unlike a key or a password, if a compromise occurs, changing
a biometric is generally infeasible!

	- with knowledge of a template, the scoring algorithm, and the
biometric capture algorithm (all of which are known to vendors and should be
assumed to be knowable by an attacker), it is possible to work backwards to
generate bit strings that will pass the scoring algorithm for the user
template in question.

	- in a distributed system, one has little or no control over the
biometric capture, i.e., one cannot tell if the bitstring being sent to the
server is really a biometric, or is from some other source at the remote
login site. this is fundamentally due to physical security limits on the
capture technology. most systems do not protect the biometric in a fashion
that provides data origin authentication.  a few do try, but the packaging
is not very tamper resistant (e.g., FIPS 140-1 level 3) and so it is safe
to assume that one can spoof origin of the bitstring that is sent to the
auth server, i.e., one can submit a manufactured bitstring.

	- thus, if a user's template for a given biometric is EVER
compromised in any fashion, it would be possible for an attacker to
generate a bit string that will appear to be from the user, and given the
lack of physical security for capture, this bit string can be introduced
into a system to authenticate the attacker as the purported, valid, user.

Note that this analysis does not apply to situations where physical
security of capture can be reasonably ensured, e.g., physical access
control environments or ATM machines. In such circumstances the capture is
not amenable to "spoofing."

Steve
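
An added illustration of the first point in the message above, not part of the original message or of any vendor's code: a threshold "scoring" matcher needs the plaintext template, while password-style one-way hashing rejects a genuine but slightly noisy capture. The 256-bit template, the 0.90 threshold, and all function names are assumptions made for the example, and the templates are constructed from seeded random bits.

```python
import hashlib
import random

TEMPLATE_BITS = 256   # assumed template size, constructed for this example
THRESHOLD = 0.90      # assumed minimum fraction of agreeing bits to accept

def make_template(seed):
    """Constructed stand-in for an enrolled biometric feature vector."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(TEMPLATE_BITS)]

def capture(template, noisy_bits, seed):
    """Simulate a fresh capture of the same user: a few bits differ (sensor noise)."""
    rng = random.Random(seed)
    sample = list(template)
    for i in rng.sample(range(TEMPLATE_BITS), noisy_bits):
        sample[i] ^= 1
    return sample

def score(template, sample):
    """Fraction of agreeing bits. Computing it requires the plaintext template."""
    return sum(a == b for a, b in zip(template, sample)) / len(template)

def fuzzy_accept(template, sample):
    """Biometric-style decision: accept when the score clears the threshold."""
    return score(template, sample) >= THRESHOLD

def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def hashed_accept(stored_digest, sample):
    """Password-style decision: only an exact bit-for-bit match can pass."""
    return digest(sample) == stored_digest

def demo():
    enrolled = make_template(seed=1)
    genuine = capture(enrolled, noisy_bits=8, seed=2)  # same user, 8 noisy bits
    other = make_template(seed=3)                      # a different user
    return {
        "genuine_score": score(enrolled, genuine),
        "fuzzy_genuine": fuzzy_accept(enrolled, genuine),
        "fuzzy_other": fuzzy_accept(enrolled, other),
        "hashed_genuine": hashed_accept(digest(enrolled), genuine),
        "hashed_exact": hashed_accept(digest(enrolled), enrolled),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The server-side consequence is the one the message draws: because `score` needs `enrolled` in the clear, the stored template has to be protected like a long-lived secret that cannot be rotated.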



