David Irvine wrote: [...]
Many thanks for replying - your right I am a bit off topic (and I hope I don't need a surgeon for being so ;-) ) but I suppose it is slightlyrelated to the securing of info.
Yes, I'll reply on the list till someone complains.
If it's only the data between the reader and computer that can be captured, the method outlined above (using the fingerprint as a PIN for a smartcard chip) should be secure under the usual assumptions concerning key size etc. Just remember, most probably it's not really encryption you want, it's authentication! Encryption can help but it's not the only way.I think you are correct in your assumption for some readers. I am thinking along the lines of a public reader i.e. one which anybody can finger swipe to get access to data and therefore the digitised stream may be sent somewhere. I am using the premise that any non encrypted data stream on a PC can be captured.My thoughts were that if it were possible to have an encrypted (PKI) copy of this stream that only the server could decrypt (if there was a server) or an application could decrypt, can such devices create a secure link between them and a server or application to transmit this, and if so can it be easily compromised (everything can to some degree I suppose).
The problems start if the bad guys start using screwdrivers or are otherwise fiddeling around with the reader (see for example http://ds.ccc.de/080/finger if you can read german) or the computer. If computer and reader themselves are not considered secure you'll probably have to go for something like TPM to increase the security.
IMHO the most efficient way currently is to use a class 2 smartcard reader. Whether to use a fingerprint sensor (integrated to the reader!) or a PIN (entered on the pinpad of the reader!) to unlock signature generation is more or less a matter of personal taste or other circumstances of your application. For example I'd prefer a fingerprint reader if it's easy for an attacker to install a web cam to watch the pinpad. On the other hand, if you can enter the PIN in some closet with no public access I'd prefer the pinpad.Apart from that what is the most effective way of entering a password to stop keyloggers I have been racking my brain thinking of a defeat for them but can't come up with one yet although I'm sure there is an answer somewhere. [...]
Of course both versions can still be defeated by installing "keyloggers" inside the reader device or capturing the PIN/fingerprint using known techniques, but you have better chances to defend against this.
Hmm, maybe *encryption* should be handled between the peers using the peer's keys and *authentication* can be done by a smartcard/class 2 reader? This seems to take care of your problems if the peers themselves are secure.My concern is that I have a p2p app which needs AES / RSA etc. and therefore a pass at some time - can't use a server so kerberos / single pass etc. is a no goer.
Another approach I've seen with homebanking (less secure than a class 2 reader/smartcard but probably easier to implement) is to use the mouse to enter a PIN on a screen pinpad, which is at a random position on the screen and/or the keys are randomly distributed. This is still vulnerable to webcams but the image quality has to be much better if you use a tiny cursor...
[...]
No, a stored password is not really good, since the transmission can be intercepted.So far 1: A bio reader that stores a pass seems to be quite good (although personalised)
By the way, are you familliar with smartcard technology?
4. Biometric sensors can be fooled considerably easier than realized in public perception (BTW, the same thing is probably true for encryption in general). Biometric sensors are still to be considered somewhat experimental, especially if the reader devices are cheap! Pinpads have their own risks, but at least those are more publicly known (or are they?).2: A bio reader that can encrypt and secure a link between it and authority mechanism (server or app) would be better - not personalised. 3: A passphrase - well this is the issue - we can make them stronger by running through pbkdf2 etc. but it's the entering that's not right (insecure).
Problem software or hardware loggers (think worst case - hardware) can read anything we input to screen mouse or keyboard so 1: Are they easy to detect (NO!) 2: Can they be fooled by cut paste etc. / NO many read clipboard
But cut'n paste is still vulnerable to webcams watching the screen!
So assuming somebody can SEE everything we type or move the mouse to (images etc.) what can be done ?
1. Use inputs that cannot be seen so easily (the biometric approach) 2. Make sure the input cannot be seen (the pinpad reader approach)One very important thing to remember: There is *no* perfect security in real life! Just forget what your insurance agent is always telling you! ;)
Like I wrote above I think we can risk continuing here till someone complains... ;)And that's the question - please tell me if there's a more suitable place to ask this and I will as this list os very very good and I don't want to be the cause of any pollution.
Hope it helps. Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
smime.p7s
Description: S/MIME Cryptographic Signature
