From: Kragen Sitaker (kragen@pobox.com)
Date: Mon Jun 26 2000 - 13:22:12 PDT
Mark Day writes:
> Some device reads my eye, right? After that there are bits representing my
> eye. Those bits can be compromised like any other bits (fill in your
> favorite attack on passwords here).
Those bits are not secret. They can't ever be secret; anyone who can
snap a photo of you through a zoom lens can duplicate them.
It is necessary for the device that reads your eye to be trusted by the
TCB to only return bits representing real eyes presented to it, not,
say, bits representing recorded data or bits representing glass eyes.
This is similar to old-style car ignitions; IIRC, the ignition switch
has two one-bit channels to the rest of the car. One of them signals
the engine to run; the other signals the starter solenoid to engage and
the starter motor to run. The rest of the car trusts the ignition
switch to only send those bits if the real key is inserted into the
ignition. But if you disconnect the ignition switch, you can send any
bits you want over the same channels, causing the car to start without
possessing the theoretically requisite key; this is known as "hotwiring
the car".
As long as the iris scanner is in a position to be bypassed or removed,
it will be possible to hotwire your computer in a similar manner. If
the iris scanner uses cryptographic authentication to digitally sign
iris data as it's transmitted, this is a little more difficult --- you
have to extract the key from the iris scanner --- but hardly
impossible. Tamper-resistant hardware exists only in one realm of human
endeavor: nuclear weapons.
-- <kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/> The Internet stock bubble didn't burst on 1999-11-08. Hurrah! <URL:http://www.pobox.com/~kragen/bubble.html> The power didn't go out on 2000-01-01 either. :)
This archive was generated by hypermail 2b29 : Mon Jun 26 2000 - 13:24:49 PDT