Windows Hello


Newt

The "lock" on the server asks for the "key" - I cannot give the server my thumb, so data is exchanged - what stops anyone from just sending the data without me and my thumb present?

The data is sent encrypted - like passwords are (if everything is working out that is ...) - but what about "thumb loggers"?

Banks (in Germany) use HBCI-signature cards and readers, the reader has its own keypad, so the reader can encrypt signature data and PIN code before sending them to the bank via the computer it is connected to - a separate "thumb reader" would be the answer then?

So, once more we are depending on good encryption basically?

And what happens if someone manages to access the reader from the outside?

Nothing; you cannot use biometrics with an untrusted scanner, or it changes from "something you are" to "something you know". That's why biometrics don't generally send a thumb pattern to the server; the way this is generally implemented is that a key is stored on the local device, and only unlocked upon successful authentication with biometrics. Basically, the way this would likely be implemented (and is implemented on iOS, AFAIK) is essentially a local keychain. Protection over the wire is done just like it's done with passwords, with the addition of high-entropy secrets instead of low-entropy ones (alternatively, you could likely get away with using certificates to do authentication to the server).

Before you sing the praises of passwords, note that they are a very, very flawed form of authentication: most people have atrocious password management, ranging from putting passwords on sticky notes on the computer (or in plaintext files), to choosing very low-entropy passwords, to giving their passwords out to people who ask. Biometrics are likely going to end up harder to steal than passwords in practice; it's really, really easy to steal passwords by getting people to tell them to you, while stealing a biometric indicator can't be done remotely.

Edited by cpast
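An added illustration, not part of the original thread and not Windows Hello's or iOS's actual code: a minimal sketch of the scheme described in the post above, where a high-entropy per-site key stays on the device, is used only after a local biometric match, and answers a one-time server challenge so a captured response cannot be replayed. The `Device` and `Server` classes and the bit-error matcher are assumptions made for this example.

```python
import hashlib
import hmac
import secrets


class Device:
    """Local device: holds the enrolled template and one random key per site."""

    def __init__(self, enrolled_template: bytes, max_bit_errors: int = 8):
        self._template = enrolled_template   # never leaves the device
        self._max_bit_errors = max_bit_errors
        self._site_keys = {}                 # site name -> 32-byte key

    def register(self, site: str) -> bytes:
        # High-entropy secret generated locally and shared once with the site.
        key = secrets.token_bytes(32)
        self._site_keys[site] = key
        return key

    def _matches(self, scan: bytes) -> bool:
        # Toy matcher (assumption): real scans are noisy, so tolerate a few
        # differing bits instead of requiring byte-for-byte equality.
        if len(scan) != len(self._template):
            return False
        errors = sum(bin(a ^ b).count("1") for a, b in zip(scan, self._template))
        return errors <= self._max_bit_errors

    def respond(self, site: str, nonce: bytes, scan: bytes):
        # The key is touched only after a successful local match.
        if not self._matches(scan):
            return None
        return hmac.new(self._site_keys[site], nonce, hashlib.sha256).digest()


class Server:
    """Remote site: stores the per-device key, never any biometric data."""

    def __init__(self):
        self._keys = {}      # user -> key received at registration
        self._pending = {}   # user -> outstanding nonce

    def enroll(self, user: str, key: bytes) -> None:
        self._keys[user] = key

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user: str, response) -> bool:
        # pop() makes each nonce single use, so a recorded response is useless.
        nonce = self._pending.pop(user, None)
        if nonce is None or response is None or user not in self._keys:
            return False
        expected = hmac.new(self._keys[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)
```

What crosses the wire is only the nonce and its HMAC; a stolen response fails against the next challenge, and a stolen thumb pattern is of no use without the device that holds the key.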

History has shown that these kinds of optimistic views are not very realistic.

Biometric indicators on properly designed systems never leave the system in question. They're stored in tamper-resistant chips, which will not reveal them even with physical access (they check that a submitted thing is or isn't equal to the stored data, but don't reveal their stored data). They never leave the trusted system. Passwords *must* leave a controlled system, because they're sent in some form over the Internet and because users know them. Biometrics are not known to the users, and never have to leave the controlled system. This makes them just about immune from remote theft.

In your response to "just use a password, don't use both:" Passwords are terrible security devices for humans. Seriously. They have some things they're good at, but many things they're bad at. Biometrics are poor security devices. Their weaknesses largely do not overlap. Password+biometric is far, far better than either alone. Biometric is better than password for an average user, because an average user's password is really awful and they've shared it with a half-dozen places (if even one of those places has poor password management, you're in trouble at all of them). Passwords, well-used, are pretty good. Biometrics, well-used, are decent. Users do not properly use passwords. Users are more likely to properly use biometrics.

Edited by cpast

They're stored in tamper-resistant chips

Since when have those been truly safe? More often than not it is a fancy marketing story, not a factual representation of the actual security of such a chip.

[story]

It is all a great story, but does nothing to change the basic inherent flaws that come with biometrics. You can mitigate those, but not eliminate them, which makes them a huge weakness. Yes, people generally have terrible password etiquette, but at least most do not carry it openly around on their bodies. Additionally, people can be trained to employ more secure passwords. Only recently security companies have started to recognize this part of security, so a lot of ground is to be gained.

Do not get me wrong, I am not purporting passwords to be the definitive security technology, as they are certainly not. I am pretty sure biometrics are not though, and also should not be part of the set of measures employed when it comes to security for the masses.

Edited by Camacha

Biometrics data, Keys and password storage is a whole different facet of those systems. All of them can be stolen, with varying difficulty for an attacker:

Simple biometric data (Facial image/finger print/voice): You already lost it.

Password: Can be social engineered, can be cracked. Can even be guessed if user is silly enough.

Physical Keys (cards, USB drives, etc): Require physical contact with target to be stolen.

Advanced biometric data (DNA, retina scan): Require intimate physical contact with target to be stolen. Or infiltrate a whole different system to get medical data.

Also, there is varying difficulty in replicating the data to be accepted by the system once you get it:

Password: Just enter it.

Simple biometric data: Require some simple tech and little effort to fool the system, especially on very basic ones.

Physical Keys: Require more tech to replicate the keys, depending on types.

Advanced biometric data: Might as well coerce the target with force instead of going through all that work.

But again, if we are talking about the context of home security, it is unlikely that the last two types are used, because there is usually not enough reason to use them, compared with how inconvenient they are. So we have simple biometric vs password, if only one system alone is used.

Password is usually easier to manage in these cases. Although biometrics will add another layer that will discourage most attackers that just want to look at stuff on your computer or cloud data, as that requires some more physical effort to get and replicate, despite how easy you can get those things, and there are just better things to do.

Edited by RainDreamer

Biometrics data, Keys and password storage is a whole different facet of those systems. All of them can be stolen, with varying difficulty for an infiltrator:

Advanced biometric data (DNA, retina scan): Require intimate physical contact with target to be stolen. Or infiltrate a whole different system to get medical data.

Getting DNA is easy, very easy. The only technology that appears to provide some degree of security is a retina scan, but as your eyes are publicly visible, that too is just a matter of time.

Getting DNA is easy, very easy. The only technology that appears to provide some degree of security is a retina scan, but as your eyes are publicly visible, that too is just a matter of time.

Possibly to get DNA data, but it is quite easily contaminated too in the usual places you can find them, and requires more effort in extraction. It also requires physical contact with the target like a physical key, but at least it is easier to get.

Replicating them, so that the system recognizes and accepts them though, is still something extremely difficult to do. You can possibly clone some DNA material for use (though I really wonder how to clone more DNA material from a person's hair into something that a blood extraction system can accept, for example), or easier, you can just steal usable DNA material from medical centers that haven't been contaminated, and that might work. But it requires physical effort. Remote attacks are not possible. Retina data is completely unique to each person and can't be cloned, and if we can replicate an eye with all the fine capillaries in it correctly, I would say that is a medical breakthrough. It would be easier to just point a gun to the person's head and force them to access the system for you when you are dealing with those systems.

Edited by RainDreamer
Link to comment
Share on other sites

For many years, a simple pattern has been insufficient to fool sensors. Just about every fingerprint scanner on the market has things to detect whether there's an actual human finger there, or if it's a bit of plastic. It can be fooled, but it's not trivial to do so.

Though I wasn't clear on the matter (didn't mention it at all) I was referring to the scanners typically found on laptops.


Not a good idea.

I think that the main security problem of Windows is that it's mainstream and closed-source. Translation: you have an angry mob of hackers outside stealing your data and breaching your protection, and there is no community eager to fix your errors, because you don't give them the source. Also, Microsoft should focus on separating security systems rather than interconnecting them. One stolen password could mean a disaster in a connected world.


I still wonder how they are implementing this, but it all sounds bad. Fast and convenient, which is what they are going for, does not have a lot of things that overlap with security. I hope those things are not going to be a requirement to use a later OS.

And the NSA gets free finger prints from all around the world, yay.

I was not talking about the security of a means of authentication, but rather about the vulnerability of a closed project whose errors don't get discovered nearly as fast as on a community project.

And, AFAIK, NSA doesn't have the resources to closely watch 7 billion people at once.


Replicating them, so that the system recognizes and accepts them though, is still something extremely difficult to do. You can possibly clone some DNA material for use (though I really wonder how to clone more DNA material from a person's hair into something that a blood extraction system can accept, for example), or easier, you can just steal usable DNA material from medical centers that haven't been contaminated, and that might work. But it requires physical effort. Remote attacks are not possible. Retina data is completely unique to each person and can't be cloned, and if we can replicate an eye with all the fine capillaries in it correctly, I would say that is a medical breakthrough. It would be easier to just point a gun to the person's head and force them to access the system for you when you are dealing with those systems.

That is the whole point - with biometrics, remote attacks become possible. People have cheap DNA labs in their homes, so processing that is not an issue at all. As soon as you have equipment on a phone or wherever that can read and digitize that information, you are pretty much done. One breach in the wrong place and people can copy your DNA on the other side of the world without you ever knowing. Even if the technology currently is prohibitively expensive, the cheap DNA technology people use in their basements was too just 15 or even 10 years ago. Hashing and salts and all that goodness can prevent a lot of that, but you know it is going to hit the fan sooner or later.

Before people think I am being overly paranoid: I know that currently there probably is not a viable attack vector for people wanting to do harm. At the moment, this is all a fairly theoretical discussion. However, if we adopt biometrics on a wide scale, it takes little imagination to see how things could go awry pretty quickly and we are probably setting ourselves up for a huge amount of problems. We should not want that and we do not need that.


Anything is more secure than credit cards, which anybody can copy the numbers from.

That is the key, many times convenience is more important than security, it all depends on the % of frauds that you can manage.

Anyone can copy a credit card number, or also the same owner can buy something and then reclaim as if it was a fraud; he will get his refund back.

But try to do that 2 or 3 or more times and for sure they will start an investigation and sooner or later, the thief is caught.

If someone wants something very secure, they will need to spend a lot of time of their life to achieve that. It is all about risk and benefits.

And the NSA gets free finger prints from all around the world, yay.

All average countries already had all finger prints of their citizens, if someone from outside (from a legal institution) wants that information, they just need to ask for it.

Also not all people use their real name as user name.

I would focus more on what kind of information people post on Facebook or related social networks, that can be way more useful for bad people or institutions than your fingerprint.

Edited by AngelLestat

That is the whole point - with biometrics, remote attacks become possible. People have cheap DNA labs in their homes, so processing that is not an issue at all. As soon as you have equipment on a phone or wherever that can read and digitize that information, you are pretty much done. One breach in the wrong place and people can copy your DNA on the other side of the world without you ever knowing. Even if the technology currently is prohibitively expensive, the cheap DNA technology people use in their basements was too just 15 or even 10 years ago. Hashing and salts and all that goodness can prevent a lot of that, but you know it is going to hit the fan sooner or later.

Before people think I am being overly paranoid: I know that currently there probably is not a viable attack vector for people wanting to do harm. At the moment, this is all a fairly theoretical discussion. However, if we adopt biometrics on a wide scale, it takes little imagination to see how things could go awry pretty quickly and we are probably setting ourselves up for a huge amount of problems. We should not want that and we do not need that.

Replace biometrics with "passwords." Add that in practice, passwords are routinely reused; that passwords, unlike biometrics, are actually passed on to sites you use them for (a properly-made biometric system doesn't ever send biometric data to the site), which means you rely on every site to be properly storing passwords; that passwords are very low-entropy; that plenty of people will gladly send their password to a site that looks kinda legit that they clicked a link to in an email; and you come to the conclusion that passwords being secure against attack doesn't mesh with humans being human. Training does not help, because people don't actually change how they use passwords according to training (more often, they learn rules having no idea why those rules exist, and so they work around those rules while completely subverting the purpose). Furthermore, it's questionable whether stealing biometrics helps at all, because biometrics have to be presented to the physical scanner.

You know how password managers work, with separate high-entropy passwords for each site, unlocked by a master password that is memorized? That's the way to do biometrics; with things like the iPhone, that's how they're done. Biometrics are meaningless outside the tight loop between scanner and processor; you cannot present a biometric login remotely. Biometrics instead replace the master password, in a way that actually is getting people to adopt them. Remotely cracking someone's DNA doesn't work if the only thing that accepts that DNA is their laptop, which is stored far away. And this can be done in general with technical means; you can't force people to use good passwords with technical means.

Remember: The alternative to biometrics isn't long random passwords, different for each site, and all either memorized or stored in a password manager with a strong memorized master password. It's people using "GoRed$ox2004" on all the sites they use.


Finally biometrics are making much more sense: Unique human biological signature, combined with very strong hardware and a truly smart engine, plus personal identifications stored on our own personal devices instead of on servers, can really change the game. This is my favorite part: If there’s no personal identification data stored on servers, how would hackers hack into our personal life? They’d have to literally steal your laptop or smartphone. Hahaha.. Bravo Microsoft! I believe this is going to establish the painless computing security. And yes, we are getting closer to sci-fi movies. Finally I find Windows Password Key is a nice tool to unlock Windows 10 password.


This is excellent and exciting news. The fingerprint login solutions of the past were all third party solutions adding their own plugins to the standard login experience, even the smart card ones were device/vendor specific. Now with ‘Hello’, I hope that will all change with a standard and more device agnostic way to login/unlock the PC/Phone, and eventually get access to ‘Passport’-participating apps/services; All without entering password/pin/’drawing on pictures’ :-). Hope there will be some improvements to the credential vault as well with the introduction of these frameworks.


Replace biometrics with "passwords." Add that in practice, passwords are routinely reused

I am going to stop you right there. With any system, stupid use will yield stupid results. That does not change much about the fact that biometrics are a bad idea, because of reasons mentioned. Any key or pass phrase that can not be changed, which is basically what biometrics are, is asking for trouble. Huge, painful trouble.

This is my favorite part: If there’s no personal identification data stored on servers, how would hackers hack into our personal life? They’d have to literally steal your laptop or smartphone. Hahaha..

That is rather naive, of course. The data is stored locally, so there are a lot of opportunities of getting your hands on that data remotely, quite likely even before making it into a hash. Pretending things are safe because they are not stored server side is a grave yet basic error. Do remember that these are devices that have lots of different apps installed and are continuously connected to the world wide web.

Edited by Camacha
