
[Submitted to IEEE - June 2011]



Biometric Collection: A Honeypot for Hackers

Michael (Micha) Shafir
Chief Scientist, Innovya Traceless Biometric System
Research & Development, Innovya TBS
Kiryat-Ono, Israel
micha@innovya.com

Assistant
Robert D. Dischert, rdischert@gmail.com
Mohamed A. Ebrahim, ebrahim@innovya.com
Brandon Pantano, brandonpantano@yahoo.com

Abstract: Today, there are no physical or virtual boundaries to prevent intruders from gaining access to sensitive data, including Biometric data in free space (RFID), private sector or government storage areas. The reason for using Biometrics is to bridge the verification gap between humans and machines. The latest cyberattacks prove One Time Password (SecurID) has failed to protect faked legitimate access. Significant federal sites with RSA protection were recently breached. Biometric storage methods define conditions for individual identification by storing indefeasible characteristics in national, government and private databases. It also means specifying the characteristics that distinguish or identify the actual identity of a person, rather than using it for authentication only. Storing biometric data gives hackers the obvious potential to hack, copy, clone or manipulate sensitive/irreplaceable information in minutes. Financial institutions, Fortune 500 companies, governments, intelligence agencies and militaries worldwide have spent billions of dollars to prevent illegal access and to protect critical intellectual property, plans and finances on mainframes, data centers and computers. This paper outlines the vulnerability of current sensitive Biometric data storage systems and presents a unique solution to this growing security threat with the use of privacy-friendly amorphous identifiers.

Keywords: Traceless Biometrics; Cyber Attack; Privacy Friendly; Human Rights; OTP; RSA; SecurID; Innovya; Faked Legitimate Access; RFID; ePassport

I. INTRODUCTION

Whether it is Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Private Key Infrastructure, Application Security, Secure Socket Layers, SecurIDs, or Load Balancers, facts show that none of these security measures can prevent hacking, given that the best bet is to attack vulnerable endpoints, or computers that are connecting remotely and are not likely under the direct control of the organization's security policies [1], creating, as President Obama describes, Weapons of Mass Disruption [2].

First, currently there is no single technology that can mitigate the weakest link in the security chain: End-User Authentication, a legal access made by a set of composite Phishing or Crawling acts, triggering global cyber attacks. There are no pragmatic, arithmetical, or automatic means to compare a legitimate individual's unequivocal identity record with computers when the individual's authentication is based on remote authentication or growing biometric databases [3]. In this electronically interconnected world, weak real remote authentication of the end-user is the gap that allows hackers to use counterfeited legitimate entry with simple, front-door credentials, hiding themselves behind undiscoverable secure tunnels. Machines that process data cannot see differences between legitimate and fake-legitimate entries; to a machine, they all look the same. High-tech savvy hackers use system security measures themselves to gain access. Trusted real end-user authentication is the common case, but through current business, or other known solutions, users and administrators find themselves required to serve under such weak conditions.

Second, storing easily penetrable Biometric information on contactless smart cards is doomed to long-term failure. Any electronic data storage method, such as RFID chips or smart storage cards, that contains irreplaceable personal data readable by third parties has the obvious potential to be hacked, copied, cloned and manipulated in minutes. The stolen data might be accepted as genuine by the computer software recommended for use at international airports, buildings, hospitals, sporting events, etc.

It would seem as if the only real way to prove you are who you claim you are to an automated system is through the use of biometrics as a means of authentication. Although there has been a dramatic increase in computing power and algorithm efficiency in the last decade, it seems that any Biometric collection is suffering from an arrested development of civilian authentication. This apparent paradox is the core of the current debate on identity authentication. As of now, the only logical way to authenticate humans without putting any personal information at risk is via the use of a completely anonymous traceless biometric authentication system. Traceless Biometric Authentication is a unique technology that is able to authenticate strangers to the Biometric Authentication System without the use of a human biometric database. A traceless method does not require an infrastructure; therefore it can work offline and eliminates the need for proprietary scanning hardware. With this technology, there is no need for central databases, stored templates, or any type of smart cards. The traceless solution is completely anonymous, removing all privacy law issues and any chance of being cloned.

II. THE BIOMETRIC COLLECTION PARADOX

In this article we are going to demonstrate the apparent conflict between what unequivocal identification theory tells us is true about the behavior of matter on the microscopic or tiny level and what we observe to be true about the behavior of matter on the true world macroscopic, large-scale level. Living beings are mixed with time; they are in an endless transformation. No biological individual may remain the same individual (i.e., identical) throughout time. Today, however, we see signs of the interest for personal identity wherever we go. Arguments on personal identity have been raised by philosophers, social scientists and psychologists in relation to bioethics (e.g., Immanuel Kant (1724-1804) said "Human beings should never be treated as merely means to an end", namely, human beings must not be sacrificed to fulfill other purposes), immigration and ethnicity (e.g., cultural identities, assimilation, integration), globalization (e.g., cosmopolitism, global citizenship, re-tribalization processes), young generations (e.g., crisis of identity, pseudo-identities, false identities), and body politics (e.g., trans-genderism, cyber-identities, trans-humanism, cosmetic surgery, body arts). Late modernity is characterized, as Giddens puts it, by a feeling of "ontological insecurity", that is, a very basic sense of insecurity about one's personal identity and one's place in the world. The feeling of ontological insecurity corresponds to a weak, uncertain definition of what makes a given individual that very individual. What are the criteria for identifying individuals in different contexts, under different descriptions and at different times? What attributes identify a person as essentially the person she is? Philosophers would argue that none of these questions is really new, yet what makes them new is their current political relevance.

Defining the conditions for individual identification does not reduce to specifying conditions for identities of persons, for personal continuity or survival, or for other highly metaphysical questions. Defining the conditions for individual identification also means specifying the characteristics that distinguish or identify the actual identity of a person. In other words, it means to define the conditions for satisfying identity claims, the elements that distinguish a person from other persons and by which he/she is re-identified or dis-identified. We are interested in someone being the same individual for many reasons. First, individuals are responsible for their actions and their commitments. If there was no certainty about personal identity, any kind of transactions, the entire legal system and financial domains would not even be thinkable. However, turning the human body into the ultimate identification card is extremely dangerous. The possibility of fraud with electronic chips and biometric data should not be underestimated. Exposing or losing biometric property is a permanent problem for the life of the individual, since, as we've mentioned, there is no practical way of changing one's physiological or behavioral characteristics. How do you replace your finger if a hacker figures out how to duplicate it? If your biometric information is exposed, in theory, you may never be able to prove who you say you are, who you actually are or, worse yet, prove you are not who you say you aren't.

III. BIOMETRIC COLLECTION CANNOT DEFEAT DOUBLE IDENTITY

Often it is argued that privacy is guaranteed, or at least improved, when biometric raw data cannot be reconstructed from biometric templates, which are stored and transmitted for the purpose of biometric authentication. It is shown that there is strong evidence for raw data to be reconstructed from template data. Furthermore, misuse of templates does not necessarily need a reconstruction of raw data. The use of a widely circulated biometrics collection creates a whole new area of logical mistakes and/or conflict(s) that seems to be self-contradictory. When non-biometric security authentication elements are breached, security can be reestablished by selecting new authentication elements. The same cannot be done in an instance where stored biometric information is breached. Biometric information cannot be changed. Our fingerprints, face, retina and all, are what they are. [4] Any false-positive rate in a large national collection would lead to a large number of false matches. The combination of these issues requires careful ethical and political scrutiny. The question we are faced with is how can we truly use biometric information without risking or collecting it, or even without separating it from its owner's physical body?

IV. THE EXPERIENCE TEACHES US THAT ANY STORAGE MEDIUM IS BREAKABLE

We can change our name or address, but we cannot change our body parts. Any growing collection of personal information is dangerous to privacy and freedom from harassment or disturbance. Trampling human privileges cannot be considered as an instrument that protects the nation.



The reason biometric collection is dangerous is not because it is not a good idea; it is because it is extremely inefficient. A growing collection creates a numerical blind spot, no matter how accurate the fingerprints might be. As long as the numbers are immense there is no practical way to avoid false matches. The problem is NOT how many fingerprints from a given individual were being matched. The problem is that the best fingerprint system [6] was accurate 98.6 percent of the time on single-finger tests, 99.6 percent of the time on two-finger tests, and 99.9 percent of the time for tests involving four or more fingers. Needless to say, any additional finger duplicates the original size of the database; therefore a larger database creates a longer delay for each scan. These accuracies were obtained for a false positive rate of 0.01 percent. It means that if the scan is indeed 99% accurate there are 10,000 false matches per million records in the national database. If the national collection has 100 million records, it comes to 1,000,000 false matches per scan. We now need to ask: how is a record getting scanned?

Fig. 1: 99% accuracy is 10,000 false matches/million stored records

Adopting a one-to-one (1:1) compression method to save encryption seek time cannot justify the need for or existence of a National Biometric collection. One-to-one (1:1) compression methods certainly cannot prevent Doubled or Faked Identity. Replicated databases in circulated locations cannot be called secure, as they are multifold and exposed to information leakage. On the other hand, coordinating multiple requests from a single centralized place involves complicated architecture, expensive maintenance, replication procedures and transmission latency with multicast bottlenecks. Each request needs to be compared to hundreds of millions of records, preventing security and privacy priorities from dominating. Using cryptography on a centralized database is unbearable with hundreds of millions of records, causing CPU bottlenecks and endless retrieval time. These side effects push authorities to use unsecured storage comparison, leaving databases completely unencrypted. Leaving the database unencrypted in order to accelerate the comparison process is enormously dangerous and against the privacy laws. Wide open databases encourage intruders to break in and steal priceless/irreplaceable information. Every encrypted record will prevent quality Real Time service to innocent people. This generates a paradox question: in what form should the Biometric collection be held in the database, Raw or Encrypted?

VI. WHY IT IS A PARADOX?

Comparing Raw to Raw records is far from being practical, as it creates mistakes. For computers, decrypting every record creates huge latency (long clock cycles on every decrypted record). On the other side, if stored records are Raw, how is the collection protected from exposure?

Fig. 2: A raw image makes it possible to figure out the origin *(There is strong evidence for raw data to be reconstructed from template data)

Fig. 3: How secure is the comparison?

Most biometric authentication systems use a similarity score as an internal variable, whereby if enough starting points are given, it is possible to find the highest point without being trapped by local minima. Different readers, cameras and sensors generate ever so slightly different biometric results. These varying starting results, when encrypted alike, will not yield the exact same decrypted result. As long as the stored samples are encrypted or scrambled they cannot practically be compared to each other. In other words, comparing a freshly scanned record to another encrypted record in the database is not practical. Both records must be in a raw form to be efficient.


Fig. 4: Matching a scrambled image to a scrambled image is not practical

On the other side, converting every encrypted record to Raw for comparison, as the law requires, takes a lot of CPU clock cycles.


Fig. 5: Decrypting scrambled records is onerous for the CPU
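
The comparison problem described above, as an added example that is not code from the paper: two captures of the same trait differ in a few bits, which a similarity score tolerates on raw templates but not once the templates are scrambled. The 256-bit template, the 25% threshold and SHA-256 as the scrambling step are assumptions chosen for illustration, and all sample data is constructed.

```python
import hashlib
import random

TEMPLATE_BITS = 256     # constructed template size, not tied to any real sensor
MATCH_THRESHOLD = 0.25  # assumed: accept when fewer than 25% of bits differ


def make_template(seed, bits=TEMPLATE_BITS):
    """Constructed sample: a pseudo-random bit vector standing in for a template."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(bits)]


def rescan(template, flips, seed):
    """Second capture of the same trait: a different reader flips a few bits."""
    rng = random.Random(seed)
    noisy = list(template)
    for i in rng.sample(range(len(noisy)), flips):
        noisy[i] ^= 1
    return noisy


def scramble(template):
    """Stand-in for scrambled storage: SHA-256 over the packed template bits."""
    packed = bytes(
        sum(bit << (7 - k) for k, bit in enumerate(template[i:i + 8]))
        for i in range(0, len(template), 8)
    )
    digest = hashlib.sha256(packed).digest()
    return [(byte >> (7 - k)) & 1 for byte in digest for k in range(8)]


def distance(a, b):
    """Similarity score: fraction of bit positions that differ (0.0 = identical)."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def is_match(a, b):
    """Threshold decision on the similarity score."""
    return distance(a, b) < MATCH_THRESHOLD


def compare_all():
    """Score the same pairs of captures in raw form and in scrambled form."""
    enrolled = make_template(seed=1)
    same_person = rescan(enrolled, flips=12, seed=2)   # 12 of 256 bits differ
    other_person = make_template(seed=3)
    return {
        "raw_same": distance(enrolled, same_person),
        "raw_other": distance(enrolled, other_person),
        "scrambled_same": distance(scramble(enrolled), scramble(same_person)),
        "scrambled_other": distance(scramble(enrolled), scramble(other_person)),
    }


if __name__ == "__main__":
    for label, score in compare_all().items():
        verdict = "match" if score < MATCH_THRESHOLD else "no match"
        print(f"{label:16s} distance={score:.3f} -> {verdict}")
```

In raw form the rescan stays close to the enrolled template, while after scrambling the same person is as far from their own record as a stranger is, so a threshold on the score can no longer separate the two.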



Storing Biometric information on a contactless smart card is intended for long-term failure. Any electronic data storage method by which content can be read (e.g. RFID, smart/storage cards, etc.) has the obvious potential to be hacked, copied and cloned. New micro-chipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports. The best secrets are secrets that are never shared. Storing those secrets on a readable electronic card from which any simple RF dump reader can extract that information, in the same way as international border readers do, or storing your personal information together with your biometric characteristics on a readable electronic device, is as irresponsible as buying a Safe-lock that can be opened with any kind of key or sticking a label with your PIN on the back of your ATM card! Those determined to bypass copy-protection technologies have always found ways to do so. The challenge is obvious. All that needs to be done is to make a fake or just use RF dumped information that is accepted as genuine by the reader, which is less of a challenge than we'd like to believe.

Remote Authentication was originally developed to support a decision on how best to meet the need to authenticate credentials provided by untrusted remote users. RSA's SecurID, which was considered 'Unbreakable', was hacked [7]. RSA's clients include many Fortune 100 companies, US Government, Military & Intelligence Community organizations. Do we need to provide another tragic event to prove any information bank is breakable? In today's age of large, distributed networks, trusted remote machines are rare. Untrusted users are the common case for attacks; however, through business or other requirements, users and administrators find themselves required to serve such users regardless. These may be machines maintained by disreputable system administrators, machines that are believed to have suffered compromises, or simply machines for which the user suspects there is a high probability of future compromise. It is desirable not to provide sensitive information to such users; however, in order for business and governments to operate simple daily functions, CTOs and IT managers find themselves in a desperate race to find a cure. Remote Biometric authentication is dangerous given the fact that someone can provide cloned traceable Biometric information without any practical ability to discover it over the wire. It is just a simple duplication of the same known problem of capturing the Username and Password of those remote users. Traceable Biometrics are no different from any present input, apart from the huge risk to body identity and human privacy.

Many inventors have offered a myriad of approaches attempting to provide inexpensive, minimally accumulated and compact verification systems in which digitized characters of human users could be stored, retrieved and compared at some later time to verify that a human user is indeed a properly authorized user. To date, none have succeeded in producing a system that is practical and desirable for use in providing non-unique biometric security appropriate for use with real-time reaction biometric measurements (without the need to dangerously store unique information). Because of these and other significant limitations, as mentioned earlier, no commercially viable biometric-based non-unique security system has been successfully invented. Close-loop Fuzzy Biometric logic is a set of mathematical algorithms and programming that more accurately represents how the human brain categorizes objects, evaluates conditions and processes decisions. Close-Loop Fuzzy Traceless Biometric logic allows an object to belong to a set to a certain degree or with a certain confidence. Instead of using unique biometric information, an amorphous identifier(s) agent replaces it. It was first proposed by Shafir [8] et al. Besides reliable accuracy performance and the replacement policy, Traceless Biometrics has to be nonreversible in order to fulfill the aim [9]. The Traceless Biometrics approach, which uses non-unique remedies and a Real Time Reactive Authentication process, solves all such cloneable, deflectable and privacy challenges. The Traceless Biometric workflow uses the time-tested photo ID concept, wherein the machine matches a picture to a person, no different than in any typical biometric authentication process. In a very simplistic way, just as in a mirror reflection, anyone can authenticate a stranger's reflection without the need to compare the reflection against any other source of stored information. It does so, however, in a manner that is, as its name suggests, traceless, without storing any biometric data anywhere. Privacy activists concerned about the protection of stored or transmitted biometric data are often reassured by the statement that biometric raw data cannot be reconstructed from stored biometric templates. Innovya's patented [10] Traceless Biometric Authentication process consists of a comparison of only a portion of predetermined biometric elements against the user's [11] associated access device, wherein the instructions for which such portions and their mathematical modifiers are stored on the access device, somewhat similar, in an oversimplified sense, to the PIN on an ATM card. Unlike the ATM card, however, the system will not authenticate unless that specific user is the one seeking authentication, because positive identification is derived from biometric elements on the user's person, and the device therefore becomes useless without the user [12]. Should the access device be hacked, exposing the numerical string derived in the Traceless Biometric Authentication process, an alternative Traceless Biometric Authentication element can easily be programmed and reissued to the user.

REFERENCES

1. S. Gorman and S. Tibken, Security tokens take hit: RSA offers to replace its SecureIds or provide monitoring for nearly all customers, The Wall Street Journal, in press.
2. C. Drew, Stolen data is tracked to hacking at Lockheed, The New York Times, in press.
3. E. Pilkington, Washington moves to classify cyberattacks as acts of war, Guardian.co.uk, in press.
4. M. Stone, Obama's cybersecurity plan, Security technology policy paper, Columbia University, School of International and Public Affairs, Vol. 1, Spring 2010, p. 1.
5. M. Shafir, The myth of biometrics enhanced security part 1, Security Park, in press.
6. M. Shafir, The myth of biometrics enhanced security part 2, Security Park, in press.
7. J. Cheng, Researchers: 307-digit key crack endangers 1024-bit RSA, ars technica, in press.
8. W. Kalaf, Arizona law enforcement biometrics identification and information sharing technology framework, Naval Post Graduate School, March 2010, p. 10.
9. T. Bradley, RSA SecureID hack shows danger of apts, PC World, in press.
10. M. Shafir, Enabling secure transactions without storage of unique biometric information, knol, in press.
11. M. Faundez-Zanuy, Biometric recognition: why not massively adopted yet?, IEEE Xplore, in press.
12. FBI, FBI switches to faster fingerprint identification technology, 1.

Fig. 6: Traceless Biometric Mirror Image Allocation & Matching