Re: Driver for Microsoft USB Fingerprint Reader

Alan Cox wrote:
> Ar Iau, 2006-07-06 am 00:48 -0400, ysgrifennodd [email protected]:
>> As far as I can tell, the only thing you want is AUTHENTICATION - you
>> want proof that you are getting a "live" scan taken from a user
>> who's present, and not a replay of what was sent last week.
> 
> Read the papers on the subject. If I can get copies of the unencrypted
> data I can use those to make fake fingers. 
> 
> A finger print is personal data, arguably sensitive personal data. That
> means there are lots of duties to store it securely. It is also very
> hard to revoke a fingerprint so theft of data is highly problematic as
> it will allow me to generate fake fingers. Theft of encrypted data might
> allow replay attacks on one PC. Big deal.

A fingerprint is a good identity token, but it's not a secret, nor is it
really feasible to protect it (IE you leave them everywhere).

see:

http://www.schneier.com/crypto-gram-9808.html#biometrics

The transmission channel for the data must be protected in some way to
prevent replay attacks. challange response, radius style shared secret,
one-time-key approach

The data itself needs to be cryptographically secured on the
authenticating side because, otherwise you can game the identity system.

A- Alice subverts the machine containing the identity management system
and uses bobs finger print data to fool the identity management system
next time.

B - Substitution, alice replaces bobs fingerprint in the identity
management system with her own, now alice is bob.

biometric data might be useful as an identy token, but if used as the
sole source of authentication data it is pretty seriously lacking.

> Alan
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/


-- 
-------------------------------------------------
Joel Jaeggli ([email protected])
GPG Key Fingerprint:
5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • Re: Driver for Microsoft USB Fingerprint Reader
    • From: [email protected]
  • Re: Driver for Microsoft USB Fingerprint Reader
    • From: Alan Cox <[email protected]>

• Prev by Date: [TRIVIAL PATCH] Remove leftover ext3 acl declarations
• Next by Date: Re: [PATCH 5/6] FDPIC: Add coredump capability for the ELF-FDPIC binfmt [try #3]
• Previous by thread: Re: Driver for Microsoft USB Fingerprint Reader
• Next by thread: Re: Driver for Microsoft USB Fingerprint Reader
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]