On Biometrics and Passwords

It seems that whenever the topic of biometrics comes up there are some that can’t stop worrying about what will happen if someone gets ahold of your biometric data. After all, how hard is it to lift a fingerprint off a glass at a pub? Will using fingerprints for authentication mean you have to wear gloves everywhere or be subject to identity theft or will you have to burn off your prints and get new ones if someone compromises your fingerprint? Well, The answers are no. The reason for the confusion probably stems from thinking of biometrics as passwords, secret things that only you have. However, this is not the case at all.  The security of biometrics comes from the fact there is only one human that matches the profile, not the secrecy of the profile itself.

A fingerprint cannot be compromised. A biometric identifier is not like a password. it is not meant to be secret. Think of your fingerprint as… well… like a public key cryptographic fingerprint really. Your public key fingerprint isn’t secret. in fact, you generally want to distribute it as far and wide as possible. What makes it useful is that there is a corresponding private key that only you have that can be matched to said public key. A physical fingerprint is similar, everyone knows your fingerprint but there is only one warm human body that is associated with it. Present the warm human body (your own) that matches the fingerprint on file and you gain access. So we have the analogy that a public key fingerprint is to a private key as a physical fingerprint is to a warm human body with said fingerprint.

This of course means that biometrics are only good for ‘online’ verification, meaning there is a trusted path between your body and whomever you are identifying with. this can be anything from a physically secure ATM, a security guard that applys the test, or whatever is appropriate for the application. The security of biometrics comes not from the secrecy of the fingerprint, but the security of the path from the human being biometrically tested to the verifyer. Hence, you cannot ‘compromise a fingerprint’. You can however compromise a specific biometric system. If you find you can lift and transfer fingerprints easily with a gummy bear for a specific reader, you have broken that particular reader, but you don’t need to burn off your fingerprints and get new ones (like you change passwords when one has been compromised). you simply stop trusting anything that uses said broken reader.

PS. does anyone else enjoy the irony of using an abstract mathematical concept to explain a straightforward real world transaction? 🙂

Comments 1

  1. Pradeep wrote:

    what about a prosthetic arm with fingerprints modelled from a collected fingerprint details. the Q becomes how good the device can be in diffentiating artificial limbs to the real one

    Posted 15 Jan 2011 at 1:13 pm