2

I was looking at this question How is Fingerprint Authentication Secure?

Where it talks about biometric scans, and the answer by @Lie Ryan mentions this isn't a secure authentication method, but more for identity and such for those who are witnessing you actually using your biometrics to identify.

My question is, what if Biometrics were a series of scans, and not just one, kind of like a password? Instead of entering 1 letter for a password, we use a sequence. Would this be secure if we did this for authentication via biometrics?

For instance, what if our biometric password was pinky(L), ring(R), Middle(R), pointer(R), pointer(L), pinky(Toe Left), etc.

Would this actually provide to be secure? How much harder would it be to crack this type of biometric scan?

NOTE: There was mention in either the above question, or another question I read, that spoke about the merchant, or another party scanning and keeping your prints in their system.... I understand that is not good, but wouldn't the same be said if you entered a pin, or a password? wouldn't it be possible to steal that data as well? The issue is, they would need your device in order to access payments... right? Or would they be able to exploit something?

So again, my question is, how safe would a sequence of biometric scans be instead of a single scan? How good of an Authentication scheme would it be overall, compared to passwords?

Thanks all, happy new year.

EDIT: The answers so far both mention about the data not being able to be changed. My point is that with a sequence of biometric data you are giving a much harder time. If we consider each Biometric as an Alphanumeric, why couldn't a sequence work? If 123F is figured out to be your password, F123 is completely different, even though the metrics are the same (not saying F123 is secure, but you know what I mean).

Also, as mentioned above, if your metrics are stolen, just like a pin or password, you just change the sequence. if pinky pinky ring ring pointer pinky gets cracked we should be able to do ring pinky rping pinky, pinky pointer pointer ring, and it should be fine.

As pointed out below by @Julian, the scans these days can be tricky, which could affect the entire process, but it's possible that partials, or other data could help. Also, like entering a wrong password a few times, these things do happen, so with biometrics it is the same.

Community
  • 1
XaolingBao
  • 897
  • 2
  • 9
  • 21

3 Answers3

2

The real issue with biometrics is that you cannot change them. Well, not without surgery anyway!

That is why you should never replace secure authentication methods with biometrics. As you say, all a biometric does is indicate the you are present and that really only works if there is someone watching - even then there might be ways around even that (a-la Mission Impossible style).

When used on laptops and the like, biometrics are a convenience not so much of a security feature. They are better than using poorly chosen passwords/pins but not generally as good as a good passcode or other multi-factor authentication. (thats a bit of a generalisation, the reality is rather more complex perhaps but hopefully you get my meaning).

So while your idea has some merit, you are still left with the issue that the actual metrics cannot be changed. Yes, you can change the order of the metrics but not the underlying metrics themselves.

You also have the problem of false readings to contend with. The more readings you take, the more false positive/negative entries you will get.

I should, of course, note that not all biometrics are equal. It is harder to obtain iris data than fingerprints for example. But not impossible and once compromised ... game over.

Would this actually provide to be secure?

You write that as though you meant "Secure" - in reality we are talking about differing risks. Your idea is lower risk than a single fingerprint scan but at higher risk of false readings.

How much harder would it be to crack this type of biometric scan?

Somewhat. More data and you need the order not just the metrics.

keeping your prints in their system ... I understand that is not good, but wouldn't the same be said if you entered a pin, or a password? wouldn't it be possible to steal that data as well? The issue is, they would need your device in order to access payments... right? Or would they be able to exploit something?

Again, the issue here is that, once compromised, you can't change them. When someone stores your biometric data, if it is compromised, you might never know but even if you did, there is nothing you can do about it.

How good of an Authentication scheme would it be overall, compared to passwords?

Not good. Because it is hard for users to do. Even a single fingerprint scan can be tricky to get right and often needs more than a single attempt. It isn't just about the security it's about how people have to interact with the system.

Julian Knight
  • 7,092
  • 17
  • 23
  • You mention the same thing about "you cannot change them," which is counter to my point of why I mentioned "multiple biometric data." You cannot Change that F = F, but you can control that your password F123 could be changed to 123F. So having lets say a 15 biometric scan password is much safer than a single. I do agree that currently the scans presented to the public are not very good, but that will change in the future. If your data gets compromised you can just change the order of what you scan, just like if your password was compromised. – XaolingBao Jan 01 '17 at 18:19
  • It is true that multi-metrics are better than a single. But it wont be better than a passcode and you only have 10 "characters" to choose from instead of 70+ - then there is still the false +/- issue which annoys users. – Julian Knight Jan 01 '17 at 21:27
  • It actually is much more complicated than "10." You could technically turn your fingers upside down and now have a completely new biometrics scan. Finger on side? 45*? As you mentioned there is user error, but with Computer Vision you can know how off it is, and if it's above a certain degree, i.e., 15*, then it's not the "same print," if that make sense. There are also toes if you want to do that, and I have heard people using all sorts of weird body parts for scans. – XaolingBao Jan 03 '17 at 21:03
  • Also, the thing is, even if we have a smaller amount of "choices" for biometrics compared to Alphanumerics and symbols, what is the chance of someone getting that data? Brute forcing passwords, and all sorts of other methods can be used on regular passwords because they are hard coded, i.e., 1 = 1, A = A. Whereas a biometric is something that isn't known to the outside world, besides the person. Even if you somehow knew the order that the person used for the scan, you have no clue what the biometrics are. – XaolingBao Jan 03 '17 at 21:06
  • This means that unless you set up a system that records the data, then you don't know what the biometric data is, thus cannot get in. It's as if our passwords were random symbols we made up and fed a computer, that only we knew. And even if we somehow left an entire handprint somewhere, they would still need to figure out what the sequence is. – XaolingBao Jan 03 '17 at 21:08
  • Sorry but you are still forgetting the user aspect. That alone makes this less not more secure because people will hate using it. You are also over-complicating things. Turning hands or computers round to scan things in?? No thanks. Easier to just type in a longer passcode or even easier to use a password manager that does it for me. All the security without the hassle. Security isn't just about entropy. – Julian Knight Jan 03 '17 at 21:15
  • For sure, I'm more thinking about this on mobile, where biometrics is being used mostly. People love using the biometrics on their phone, they would do all sorts of weird things to log in, but I understand that the user themselves will make it insecure because their biometric scans could still suck. – XaolingBao Jan 03 '17 at 21:20
1

I'll break it down like this:

Is it more secure than plain biometrics?

Yes. Since you're integrating two authentication methods into one, it technically is a better option BUT:

Is it exploitable?

Yes, yes, yes. I could have a camera above recording the entire process, have a nasty reader just writing your fingerprints to a location (it would be a lot more than just one finger - more possibilities for nasty deeds) - the options are endless.

tl;dr: It is more secure but is by no means unbreakable.

thel3l
  • 3,384
  • 11
  • 24
  • But that's as exploitable as a password being stolen, or a CC number, or pin. you just would have to change the biometric data, as if you were changing a password, to a new sequence. – XaolingBao Jan 01 '17 at 18:20
1

It is now considered as best practice to only store a hash of passwords, because if the password database is compromised, the attacker only get hard to invert hashes and user can easily change their password before they have been broken.

Biometrics is by its very nature not an exact value. So you compare the stored fingerprind and the new one and say it matches if the error is below a threshold. But this forces to store the fingerprint (on any other biometric measure) in an invertible form. Thus if a biometrics database is compromised all the measures it contains are indeed compromised, and they can hardly be revoked...

For those reasons, biometrics is great to securely identify a person when a security officer controls de visu the biometric measure operation, but is should never be used for a remote authentication system.

Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84