Upload
sofia-kirkpatrick
View
212
Download
0
Embed Size (px)
Citation preview
““Lessons for Biometrics from Lessons for Biometrics from SSNs & Identity Fraud”SSNs & Identity Fraud”
Peter P. SwirePeter P. SwireOhio State UniversityOhio State University
National Academy of SciencesNational Academy of SciencesMarch 15, 2005March 15, 2005
OverviewOverview
Theme for today:Theme for today: Learn from SSNs & identity theft problemsLearn from SSNs & identity theft problems ““Don’t release the keys”, in cryptographic Don’t release the keys”, in cryptographic
systems or in biometricssystems or in biometrics Proposal: law to prohibit the selling or sharing of Proposal: law to prohibit the selling or sharing of
individuals’ biometricsindividuals’ biometrics Prevent loss of the keys that breed fraudPrevent loss of the keys that breed fraud
Swire BackgroundSwire Background
Now law professor at Ohio StateNow law professor at Ohio State Teach computer security, privacy, cyberTeach computer security, privacy, cyber Consultant, Morrison & FoersterConsultant, Morrison & Foerster
Was Chief Counselor for Privacy, OMBWas Chief Counselor for Privacy, OMB 1999-early 20011999-early 2001 Worked to fund CSTB study on authentication Worked to fund CSTB study on authentication
and privacy; discussed biometric studyand privacy; discussed biometric study
Problems with SSNsProblems with SSNs Technically weak identifierTechnically weak identifier
No check sumNo check sum Easy to fake or to stealEasy to fake or to steal
Uses have spread dramatically over timeUses have spread dramatically over time Despite earlier promises to use only for Despite earlier promises to use only for
federal programsfederal programs Nonetheless, SSN is now the “key” information Nonetheless, SSN is now the “key” information
that gives access to credit system and that gives access to credit system and authoritative credentialsauthoritative credentials
ChoicePoint incident & data compromised for at ChoicePoint incident & data compromised for at least 145,000 personsleast 145,000 persons
Algorithms and KeysAlgorithms and Keys Modern cryptoModern crypto
Kerchkoff’s law and assume the algorithm Kerchkoff’s law and assume the algorithm should be publicshould be public
Keep the key/password secretKeep the key/password secret If the key is copied/compromised, the system is If the key is copied/compromised, the system is
wide openwide open Especially for online/remote applicationsEspecially for online/remote applications Also for fake drivers licenseAlso for fake drivers license
““A Model for When Disclosure Helps Security: A Model for When Disclosure Helps Security: What Is Different About Computer and Network What Is Different About Computer and Network Security?”, at www.ssrn.comSecurity?”, at www.ssrn.com
How to Prevent Loss of KeysHow to Prevent Loss of Keys
For SSNs, perhaps law this year For SSNs, perhaps law this year prohibiting “sale or display” of SSNsprohibiting “sale or display” of SSNs Goal of enhancing the security of the “keys”Goal of enhancing the security of the “keys”
For biometrics, why not have a law For biometrics, why not have a law prohibiting the “sale or display” of plaintext prohibiting the “sale or display” of plaintext of biometrics?of biometrics? Goal of enhancing the security of the “keys”Goal of enhancing the security of the “keys”
Benefits of the No Display LawBenefits of the No Display Law
Prophylactic rule, before have commercial Prophylactic rule, before have commercial enterprises who depend on the sale or displayenterprises who depend on the sale or display
Keep the keys more secure from the startKeep the keys more secure from the start Bad enough to get a new SSNBad enough to get a new SSN
Much harder to get a new finger, iris, etc.Much harder to get a new finger, iris, etc. Encourage encryption in storage and use of Encourage encryption in storage and use of
images of fingerprints, etc.images of fingerprints, etc. [Interlude – best practice should be encrypt biometrics [Interlude – best practice should be encrypt biometrics
in storage]in storage]
Exceptions to the LawExceptions to the Law
PhotosPhotos ManyMany non-security uses of photos non-security uses of photos Faces are seen in publicFaces are seen in public
DNA samplesDNA samples When is transfer appropriate for medical When is transfer appropriate for medical
treatment or research?treatment or research? Burden on others to explain why the Burden on others to explain why the
biometric “keys” should be made publicbiometric “keys” should be made public
ConclusionConclusion
One-time opportunity for society to protect One-time opportunity for society to protect biometric keys before they are compromisedbiometric keys before they are compromised
Let those who think display or sale is good Let those who think display or sale is good explain precisely why, and craft exceptionsexplain precisely why, and craft exceptions
Without clear law, we will see proliferation of Without clear law, we will see proliferation of disclosures, in insecure applicationsdisclosures, in insecure applications
Without encryption, will have data leaksWithout encryption, will have data leaks If so, biometrics could become a failed If so, biometrics could become a failed
approach, like SSNs todayapproach, like SSNs today