A device like a FitBit may soon greatly improve user authentication. The key to this will be ephemeral biometrics. We talk about biometric authentication in some of Learning Tree’s cyber security courses, including the System and Network Security Introduction course and the CompTIA Security+ test-prep course. But how are ephemeral biometrics different?
Biometric authentication is still very limited. It takes special hardware, and better security gets expensive quickly. Even the best still has errors, because a biometric system must always say “Oh, close enough.”
A password or token output must be exactly right. But a fingerprint, or image of your face or (most accurate of all) your iris is slightly different every time. That leads to false rejection errors, denying access for the legitimate user. With the threshold dialed the other way, the real user always gets in but false acceptance errors may let bad guys in.
We need something better!
I recently saw an interesting presentation by Peter Choi. He’s a Principal Member of the Technical Research Staff at Sandia National Laboratories.
With ephemeral biometrics, you first start monitoring the life signs of the purported user. Then they authenticate in some acceptably strong way.
The ephemeral biometrics continue to monitor user life signs. We say “ephemeral” because the measurement might be interrupted, and if so, the session terminates. It’s like a kill switch.
You put on the lightweight bracelet and its sensors start monitoring. It has no notion of your “correct” skin conductance, skin temperature, heartbeat, or blood oxygen level. It just knows that they should all be something reasonable, and an interruption or just an abrupt change represents a problem.
Then you authenticate, using some combination of the keyboard, a slot for your smart card, and maybe a camera or microphone for face or voice recognition.
The system verifies the authentication and the presence of the life signs. The sensors keep monitoring as the device sends “Still here, still here, still here…” over Bluetooth. That keeps the session alive.
If you wander too far away, the system locks the session. The printer or coffee pot across the room, still in sight, that’s OK. But down the hall toward the bathroom? It locks the session when you get too far away. And if you try to slip it off of you and onto someone else, that’s definitely wrong.
The legitimate user might step away from their system for a few minutes. Go pick up printed output, or get a cup of tea, or go to the bathroom. These might provide opportunities for intruders.
Also, the legitimate user might intentionally “loan” their session to a co-worker.
The problem with traditional authentication is that it’s a “brittle outer shell” at the very beginning of the session. Once done, it lasts indefinitely.
Better yet, the sensor could be personalized for you so it can be a form of “something you have.” Getting more advanced, you and the sensor authenticate in parallel. That way the “keep alive” signal is not just any old signal, but it’s from your sensor.
Your sensor might authenticate itself by implementing a physically unclonable function. However, that tends to be expensive.
The promising solution is a digitally unclonable function.
Interested? I am.
Want to learn more? Check out these presentations: