[VOIPSEC] Identity Management and VoIP and More

Stephen Wilson swilson at lockstep.com.au
Fri Jun 30 19:36:11 CDT 2006


Not wanting to divert from VOIP onto biometrics too much ... however ... 

The problems with biometrics in this context run very deep. 

As Michael Slavitch says, fingerprint methods are indeed particularly
vulnerable to attack.  The cheaper biometric scanners can in fact be
spoofed by simply breathing on them to activate the latent print left
behind by the last user.   "Liveness" detection is only available in
top-of-the-line terminal equipment; I cannot imagine liveness detection
being common in phones. 

But the deeper problem with biometrics is their inherent closed-ness.  You
register your template with an administrator for a domain, and you can only
present yourself to terminals in the same domain.  That is, biometrics only
authenticate you to an entity who already knows you.  The mobile phone
handset applications I have seen -- like typical laptop security -- store
the template within the device and then make use of the bio as a
replacement for the PIN; i.e. it is 1-to-1 verification. 

But in telephony, if a biometric presented at a remote phone is to be
recognised by other nodes in the network for the purposes of individual
authentication, then we will need to expand the enrolment domain.  There
would have to be a central register of templates, and a standardised
enrolment process so that all registered users in the domain can be
recognised by all other users.  

Does anyone imagine subscribing to a telephony service by registering one's
fingerprints with the carrier?  Leaving aside detailed issues like false
positives, false negatives and whether the systems can actually resist
gelatine gummi bear attacks, there are deeper systemic issues to do with
privacy, security of the central template registration database, the
temptation to share templates across carriers (in the name of
"interoperability"), and so on. 

Skeptically yours, 

Stephen Wilson
Lockstep Consulting Pty Ltd
www.lockstep.com.au
ABN 59 593 754 482

11 Minnesota Ave
Five Dock NSW 2046
Australia

P +61 (0)414 488 851

--------------------

About Lockstep 
Lockstep was established in early 2004 by noted authentication expert
Stephen Wilson, to provide independent specialist advice and analysis on
identity management, PKI and smartcards.  Lockstep is also developing
unique new smartcard solutions to address privacy and identity theft. 




> And as has been discussed elsewhere fingerprint-based biometrics aren't
> secure even against a gelatin-based attack:
> 
> http://www.schneier.com/crypto-gram-0205.html
> 
> 
> On 6/29/06, Dustin D. Trammell <dtrammell at tippingpoint.com> wrote:
> >
> > On Wed, 2006-06-28 at 18:58 -0700, Mahesh Jethanandani wrote:
> > > One way that I see the equipment and the person coming together is
> > > through a biometric device. The person authenticates oneself to the
> > > device under use - whether it is the physical phone or a PC running a
> > > softphone. Once the identity has been established between the person and
> > > the device under use, the same is used to transfer it in the call that
> > > is made.
> >
> > But what happens when the user moves away from the device, such as the
> > user leaving the office after authenticating to their wired desk phone
> > or softphone running on their workstation?  Time to marry that biometric
> > authentication with some kind of proximity detection to automatically
> > "log out" the user from the device if they are no longer around.
> > Otherwise, anyone else could walk up to the phone and make a call as the
> > original user.
> >
> > Just think of the potential human-tracking capabilities that arise from
> > that combination of technologies...
> >
> > --
> > Dustin D. Trammell
> > VoIP Security Research
> > TippingPoint, a division of 3Com
