I call your attention to a press release issued today that states "Cardlab Solves Privacy Fears with its 'Scan and Match on Card' Biometric ID Card" which is found below. Such "solution" to the Real Enforcement with Practical Answers for Immigration Reform (REPAIR) Proposal
under consideration currently would do nothing more than vastly increase the exposure to and probability of establishing a new points of penetration of U. S. national security. The CardLab announcement is cleverly worded in that it states "solves privacy fears" but not privacy issues with a card that is "resistant" to a number of vulnerabilities but not fully protected from them or able to produce evidence of any tampering or improper use.
Below follows a clear analysis of all the elements of the REPAIR proposal and how this dangerous "solution" fails to provide the needed security to truly solve the privacy and national security issues being addressed. It seems likely that a solution employing cards with biometric data is nothing more than a transparent attempt to cram down card use by members of the card industry without regard for true security, hardware independence, or extensibility of the credentials for use in other identity-sensitive applications.
COPENHAGEN, May 12 /PRNewswire-Asia/ -- CardLab (Denmark), the world's leading powered card technology developer, announced today that their Powered Biometric ID Card exceeds the technical challenges and demands in the new proposed US National Immigration ID Card.
Several senators, including Senate Majority Leader Harry Reid and Intelligence Committee Chairwoman Dianne Feinstein, announced the crucial need for improved identification of immigrants, and the use of biometrics. The bill's summary read: "These cards will be fraud-resistant, tamper-resistant, wear-resistant, and machine-readable social security cards containing a photograph and an electronically coded micro-processing chip which possesses a unique biometric identifier for the authorized card-bearer."
"The CardLab Biometric ID Card exceeds the technical and political challenges in this bill," said Torsten Nordentoft, CTO of CardLab. "One of the many truly unique aspects of our card is the 'match on card' capability which eliminates external storage and possible theft of personal information -- in other words, all private information will remain on the card and in the pocket of the individual."
The self-powered CardLab Biometric ID Card is designed to contain all functionalities "on-board", from encrypted personal data, finger print recognition scanner, to communication via our patented Dynamic Magnetic Stripe, EMV chip and RFID. The "all on board" card ensures that no further investments in external card readers are required, and the true ISO 7810 credit card format paves the way for an instant mass deployment while keeping cost per user low.
CardLab is currently negotiating with partners in the US and several other countries for the customization of Biometric Citizen Cards and other high security variants of multi-functional identification and access cards.
Founded in Denmark in 2004, CardLab is a technology and solution provider to the smart card industry, ranging from OEM sale of individual technologies, to development of customized solutions. CardLab holds several patents in the smart card field.
CardLab is dedicated to enabling card manufacturers, card issuers and their customers to take optimal advantage of the technological developments in miniaturized low power electronics for on-board integration in ISO 7810 cards.
Log on to http://www.cardlab.com/ for more information
SOURCE CardLab ApS, Denmark
The typical underlying problems with cards in a wide deployment of this magnitude will do nothing to eliminate the problems associated with lost/stolen/unavailable and fraudulent cards. The stakes will increase substantially as sensitive personal data stored on the cards will make them valuable targets to hackers and those looking to black-market them. We feel that such card systems primarily benefit the card vendors and do not provide adequate security or efficient use of capital resources, as per the Real Enforcement with Practical Answers for Immigration Reform (REPAIR) Proposal, which states its primary objectives are:
- 1. Achieve Operational Control of America's Borders to Prevent Future Illegal Immigration
- 2. Secure the Border First Before any Action can be Taken to Adjust the Status of People in the United States Illegally
- 3. Further Fortify America's Border Enforcement Capability
- 4. Detection, Apprehension, and Removal of Unlawfully Present Persons in the United States
- 5. Ending Illegal Employment through Biometric Employment Verification
- 6. Employers hiring workers in the future will be required to use the newly created Biometric Enrollment, Locally-stored Information, and Electronic Verification of Employment (BELIEVE) System as a means of verification.
- 7. Reforming America's Legal Immigration System to Maximize American Economic Prosperity (for both Highly Skilled and Lower Skilled Workers.
- 8. Promoting Family Reunification
- 9. Mandatory registration, acceptance of responsibility, and administration 9of punishment for unauthorized aliens presently in the United States.
- 10. Encourage maximum participation in the legalization program.
- 11. Enhance law enforcement capabilities and protect U.S. national security.
- 12. Reforms designed to enhance efficiency and effectiveness in America's immigration system.
Comment: A secure biometric system such as TEAMS from Triad Biometrics could meet and exceed all such requirements without the need for cards, yet the additional requirements of the REPAIR Proposal clearly show an unjustified bias towards the use of cards:
- 13. Not later than 18 months after the date of enactment of this proposal, the Social Security Administration will begin issuing biometric social security cards. These cards will be fraud-resistant, tamper-resistant, wear resistant, and machine-readable social security cards containing a photograph and an electronically coded micro-processing chip which possesses a unique biometric identifier for the authorized card-bearer.
- 14. The card will also possess the following characteristics: (1) biometric identifiers, in the form of templates, that definitively tie the individual user to the identity credential; (2) electronic authentication capability; (3) ability to verify the individual locally without requiring every employer to access a biometric database; (4) offline verification capability (eliminating the need for 24-hour, 7-days-per-week online databases); (5) security features that protect the information stored on the card; (6) privacy protections that allow the user to control who is able to access the data on the card; (7) compliance with authentication and biometric standards recognized by domestic and international standards organizations.
Comment: The requirement to access a biometric database is the best way to secure the credentials and to prevent fraud. There will need to be a central database to keep track of each card serial number in any case. Adding secure biometric information to that adds far less overhead than issuing cards with sensitive data that will eventually be hacked, cracked, and resold on the black market.
- 15. The new biometric social security card shall enable the following outcomes: (1) permit the individual cardholder to control who can access their information; (2) allow electronic authentication of the credential to determine work authorization; and (3) possession of scalability of authentication capability depending on the requirement of the application.
- 16. Possession of a fraud-proof social security card will only serve as evidence of lawful work-authorization but will in no way be permitted to serve-or shall be required to be shown-as proof of citizenship or lawful immigration status. It will be unlawful for any person, corporation; organization local, state, or federal law enforcement officer; local or state government; or any other entity to require or even ask an individual cardholder to produce their social security card for any purpose other than electronic verification of employment eligibility and verification of identity for Social Security Administration purposes.
Comment: The above objectives can be achieved without the use and expense of cards.
- 17. No personal information will be stored on the electronic chip contained within the social security card other than the individual's name, date of birth, social security number, and unique biometric identifier.
Comment: The personal information stored on the card as described in No. 17 above is foundational information for committing identity fraud which will encourage illegal cloning of cards. Fraudsters will know this information is there and will create a black market for cards that were either reported lost/stolen and reissued, or they will simply make duplicate clones and re-enroll fingerprints and/or bypass the fingerprint matching requirement as they wish in order to control or reassign the cards. This is a recipe for disaster in terms of security and may well create higher levels of identity fraud than exist in the current system.
- 18. Under no circumstances will any other information, including medical information or position-tracking information, be contained within the card.
- 19. The Secretary of Homeland Security shall work with other agencies to secure enrollment locations at sites operated by the federal government.
- 20. Prior to issuing an individual a new fraud-proof social security card, the Social Security Administration will be required to verify the individual's identity and employment eligibility by asking for production of acceptable documents to be provided by the individual as proof of identity and employment eligibility.
- 21. The Secretary of Homeland Security will work with the Commissioner of the Social Security Administration to verify non-citizens' employment authorization.
- 22. SSA will also be required to engage in background screening verification techniques currently used by private corporations that use publicly available information that can be derived from the individual's social security number. An administrative adjudication process can be invoked in the event that an individual is unable to establish his or her identity or lawful immigration status. Adverse decisions can be reviewed in the federal courts.
Comment: The above actions in number 22 would also satisfy the enrollment support requirements for Triad's cardless biometric solution, so these provisions are readily transferrable.
- 23. There will be a multi-stage process of re-verification if an individual claims he lost his previously issued fraud-proof social security card to ensure that there is no identity-theft or unlawful collaboration of identity.
- 24. There will also be a multi-stage process for resolution of proper identity if an individual claims an identity tied to a social security number that has been claimed by another individual.
Comment: With respect to number 23, we have demonstrated that such cards are anything but "fraud-proof". Re-verification and the process for identity resolution would be eliminated by use of Triad's cardless biometric solution.
- 25. Tough penalties will be put in place for fraud in procurement of a fraud-proof social security card. The same penalties shall apply for conspiracy to commit fraud if false information is intentionally provided.
Comment: We are gravely concerned that the REPAIR Proposal was written without regard to the true security risk inherent of such systems and primarily benefits the card suppliers. The proposal does not factor the aforementioned risks of hacking/cracking/cloning/social engineering and other factors that will promote an illegal black market for such cards. Black market cards will be sold to illegals. Low-paid workers will be enticed to "sell" their legitimate cards to black marketeers and then report these cards lost and request replacements. This would create a supply of the physical cards that could be re-programmed and used by others illegally, while increasing the demand and expense for card replacement. There is no stipulation in the REPAIR proposal for hardware independence or interoperability by different vendors, nor is there a security review requirement by an independent third-party which would factor and evaluate these risks. Additionally, there should be recognition of the value for extensibility and its beneficial economic effects for use with other applications which may include other types of physical access, logical access, and background checking.
Published April 23, 2010 by the International Journal of Electronic Marketing and Retailing:
Passwords Are Passé But Biometrics Are Not Mobile
Writing in the International Journal of Electronic Marketing and Retailing, researchers from the US and Germany point out an inherent flaw in the financial industry's adopting biometric logins to boost security of mobile devices, such as notebooks, PDAs, and smart phones might make biometric logins impossible when one is on the move.
Biometric logins that use fingerprints, voice recognition, or identify you based on how you type look set to replace conventional passwords for accessing online banking and credit card services, online payment companies and even internet stockbrokers. However, smart phones and other portable devices do not currently have the sophistication to be adapted easily for biometric technology. Moreover, users are likely to be reluctant to carry yet another device and its associated electrical charger along with their smart phone simply to login to their bank account when not at their desktop computer.
James Pope of the College of Business Administration, at the University of Toledo, Ohio working with Dieter Bartmann of the University of Regensburg, Germany, explain that the security of online financial transactions is becoming an increasing problem, especially as security loopholes in login systems and web browsers emerge repeatedly. Simply logging in with a password is becoming technically passé.
"Passwords have been widely used because of their simplicity of implementation and use," the researchers say, "but are now regarded as providing minimal security." Moreover, as repeated scare stories about hacking and identity theft pervade the media, consumers are becoming increasingly concerned about online security. Further development of e-commerce and banking will be stifled if the issues of fraud and identity theft are not addressed. While biometric readers are being adapted for desktop computers, they are seriously lagging behind in portability and compatibility with smart phones and other mobile computing devices.
Triad has addressed many of these concerns and others that need to be resolved to enable secure fingerprint-enabled m-commerce. Features of the fingerprint capture, transport, and matching software as well as the image capture hardware must be considered when designing a secure, reliable authentication system. Provisions for interoperation of various image capture devices to accommodate the various client-side form factors (handheld, laptop, desktop) and a fallback subsystem to accommodate situations when the devices are malfunctioning or not available are crucial for end-user adoption. Implementing such a system with tight security constraints to protect against common biometric attacks such as replay is also crucial for organization adoption. Triad has recognized these necessities, packaged all such features into its TEAMS product suite, and is working to bridge the above mentioned gaps with various hardware vendors and service providers.
We have noticed that a majority of corporations experiencing data breach and workplace identity theft share similar weaknesses in their overall privacy fabric. Some are turning to fingerprint biometrics as a means of "tightening-up" access to secured data. However, many fingerprint authentication systems being sold in the commercial market are actually focused on being convenience-based vs. security-based, oftentimes leaving gaping security holes for new avenues of attack. Here we are exposing the "Seven Deadly Sins" of so-called "secure" fingerprint biometric systems and clarification of the desired features needed to assure the security and convenience of the fingerprint solution. Check to see which of the following features are provided in the biometric system you are evaluating or planning on implementing:
- Trusted Enrollment - does the biometric system allow for self enrollment? This may seem convenient, but how does the organization know whose fingers were actually enrolled? The solution should require attended enrollment by a trusted operator, who utilizes his own biometric identifier to authorize the enrollment for any given individual. Without this key feature, there can be no absolute trust or confidence as to "whom" the credential belongs to.
- Prevention of multiple identities - does the biometric system allow the same finger(s) to be enrolled under different UserID's? If so, any given biometric identifier could be associated with more than one UserID, which can lead to impersonation and potential fraudulent activity. Be sure the solution can prevent more than one enrollment of any given finger and that it provides a means of resolving any such attempts to do so in a way consistent with your corporate policies.
- Device Interoperability - does the biometric system allow for true or partial device interoperability? If not, you may be tied to a single hardware vendor, which can be dangerous when pricing and availability and eventual obsolescence become issues. Look for solutions that provide "true" device interoperability; meaning that enrollments can be performed on a device and authentications can be performed on the same or other devices from different manufacturers. This will future-proof your investment and enable a wider range of users to benefit from the technology.
- Elimination of Passwords - does the biometric system support a means of eliminating passwords for access to sensitive applications? Many systems simply release stored passwords with the biometric match, which often leaves the application vulnerable to circumvention of the biometric system. In some cases, elimination of the password may not be possible until the application is re-written to natively support the biometric system. In such cases, check to see if a potentially-corrupt administrator has the capability of changing the User's password without the User being aware of it. The User's awareness that his password is no longer working is a first-line of defense to knowing if the password was changed without the user's knowledge or consent. This could equate to impersonation and fraud. Look for solutions that provide an effective defense against such password manipulation.
- Exception alternative- does the biometric system provide an alternate means of strong authentication in the event an image capture devices is lost, stolen, out-of-order, or otherwise unavailable? Few providers of biometric solutions have even considered this or stepped to the plate to deal with this scenario. This has often stifled adoption. Look for innovative systems that can leverage the biometric system with alternate credentials in such cases. Some vendors classify this as an "Exception Mode".
- Duress handling - does the biometric system provide a means of identifying an authentication request being performed under duress? Because there are multiple fingerprints per user, certain ones can be designated for duress functionality if desired. This may not necessarily be a feature to be widely deployed, but rather for certain individuals who may have access to extremely sensitive data and are concerned about possible duress situations which may force them to access the data against their free will. Look for systems that can support a duress feature and provide limits to its use to certain Users so as to make Users accountable for any false alarms.
- Accurate matching - does the biometric system use advanced matching processes to ensure adequate accuracy? If the goal is to eliminate the need to specify a UserID during an authentication, then the system will need to support 1-to-many matching. There are only a few systems that have 1-to-many matching systems that exceed the accuracy of the standard FBI AFIS technology used by law enforcement and civil ID programs. Be sure to validate the vendor's claims against credible, independent 3rd-party reviews.
So, it comes down to this: Look before you leap, and make sure that the biometric system you decide to use offers positive answers to the seven deadly sins listed above. Otherwise, you may be deluding yourself into thinking that you have secured your most valuable assets.
Well, here we go again. Last month the security vendor, Kaspersky, had its site hacked by SQL injection, possibly exposing email addresses and up to 25,000 product activation codes. Last week we learned of the Dalai Lama's network being hacked by sources possibly in China using "social phishing" techniques on unsuspecting monks.
The widespread incidence of network infiltration by unauthorized individuals (hackers/crackers) poses an increasingly serious threat to data integrity and security. Although the NY Times article concentrated on "social phishing" via emails as a means to dupe unsuspecting email recipients and browser re-direction among other vulnerabilities, the defense or solution is relatively easily remedied through the use of updated anti spyware, anti phishing, and anti-virus software provided by companies such as Symantec and others. However, according to the IBM X-Force Threat Report released in June of 2008:
http://www-935.ibm.com/services/us/iss/xforce/trendreports, the greatest threat to web application security is now SQL injection. Exploitation of websites vulnerable to SQL injection has increased from an average of a few thousand per day, when they first took hold early in 2008, to several hundred thousand per day at the end of 2008, bypassing cross-site scripting as the leading web application vulnerability. IBM's recommended solution is the installation of web server patches to help prevent such attacks. Unfortunately, 74% of web applications reported had no patch available by the end of 2008, according to IBM. The IBM report also did not mention the additional need to properly "sanitize" all input data in web applications, nor did it mention any technologies available that can reduce or eliminate the need to host password fields in applications.
With the use of web proxies today, the IP address, identity, or location of a hacker is easily camouflaged. An anonymous SQL injection attack of purportedly "authenticated" user access represents a very serious security risk that has been virtually ignored by most IT Security professionals. As today's report indicated, there is a gaping hole in cyber security caused by the unauthorized use of passwords (including those obtained by rogue means). Hackers have a wide choice of freeware that can enable them to crack passwords, inject SQL strings into username and/or password fields, and generally cause havoc for application administrators trying to protect their web applications and databases.
To illuminate a possible solution to this huge problem, I suggest that the authors of the report cited in the Times (and readers interested) view a presentation given during the Oracle Web Expo two weeks ago.
http://tiny.cc/TriadOracleWM (Windows Media) http://tiny.cc/TriadOracleRM (Real Media)
Clearly, many of the vulnerabilities associated with SQL injection at the "front door" can be avoided if the user must be biometrically (unequivocally) identified and authenticated where no password field exists as a gateway.
Identity fraud is a crime that costs all of us. As measures have been increased in recent years to mitigate identity fraud, so too has the level of sophistication of the fraudulent acts. Persons that were dedicated to committing fraud had the upper hand for some time, but technology is now catching up to these predators.
The Case to Utilize Fingerprint Biometrics:
Fingerprint biometrics are a leading digital technology that can be utilized in digital identity authentication. Those in a point of service setting that use fingerprint biometrics do so by scanning a customer's ID through a system and instructing the customer to use a keypad to match fingerprints with a stored fingerprint identity. Fingerprint biometrics can help increase the chances that the person in front of you presenting an ID is that ID's true identity. The result is an ability to capture and link fingerprints to a single ID record, which will increase fraud prevention and help ensure fraudsters do not attempt to use multiple identities.
The Case to Implement Biometric Verification:
Those in a point of service setting pay for fraud twice, once stemming from the initial act of fraud and a second time as a result of cost of goods, services and even insurance rates increases. Biometric verification can help resolve the problem of ID fraud and provide the point of service person that the customer presented is the actual person represented on the ID. The benefit of a biometric verification is that legitimate multiple IDs can be linked to a single person through one unique biometric fingerprint record. The additional benefit is that this unique biometric fingerprint cannot be utilized in multiple fraudulent IDs.
Security Elements Needed for Acceptance of Fingerprint Biometrics:
A sound fingerprint authentication system needs to have inherent protection against a number of types of common attacks and other compromised situations:
- The system should enforce trusted attended enrollment to establish a chain of trust as to whose fingers were enrolled for any given UserID. This cannot be accomplished by self-enrollment.
- The system should not allow any given fingerprint to be authenticated to identify more than a single User.
- The system should have a secure exception mode to support emergency access when no working device is available.
- The system should support a duress function for a limited subset of the User base.
- The system should adequately secure the biometric identifiers both at rest and in transit to prevent replay, man-in-the-middle and denial-of-service attacks.
- The system should be adaptable to a variety of authentication interfaces.
- The system should support interoperability of devices from multiple manufacturers.
- The system should allow for actual elimination of passwords, not just releasing them to an existing password-authentication mechanism.
Technologies and products do exist which enable secure biometric systems to be implemented that meet these criteria to significantly reduce identity fraud potential.
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. This vulnerability is present when user input is manipulated for string literal escape characters embedded in SQL statements or user input is not sufficiently filtered and thereby unexpectedly executed. With the aid of Web Proxy Tools, filtering cannot be guaranteed. SQL injection is, in fact, an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. This condition results in the potential manipulation of the statements performed on the database by the end user of the application which violates security policy. Such manipulation is difficult to detect since there is usually no error being reported when this happens.
The following line of code illustrate how this vulnerability can be executed.
statement: "SELECT * FROM users WHERE name = '" + userName + "';"
This SQL code is designed to pull up the records of a specified username from its table of users; however, if the "userName" variable is crafted in a specific way by a malicious user, the SQL statement may be able to retrieve more than the code the sender intended. For example, setting the "userName" variable as a' or 't'='t renders this SQL statement by the parent language:
SELECT * FROM users WHERE name = 'a' OR 't'='t';
Biometrics in general can prevent attacks like this, so long as the biometric system can replace the password and use of a password field. Any Biometrics system that does not take a user name or password as an input parameter and is able to resolve the identification of users can be effective as a preventative measure against this type of attack. A fingerprint biometrics system like TEAMS® counters this type of attack as the TEAMS® authentication method does not utilize a password or password field for identification purposes. Therefore, wherever the TEAMS® authentication method is employed, the possibility of SQL Injection is eliminated.
The use of the TEAMS®
authentication method complements other protective measures taken to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS) Requirement 6.6.
If you had to choose between the use of passwords and personal identification numbers and not using any, which would be your pick? What if you could have extra security and added convenience by not using any passwords ever again? Surprisingly, this no-password technology is here and is growing rapidly. It is called biometrics, and you will travel this road in no time.
Biometrics involves the use of automated methods of recognizing an individual based on his physical or behavioral characteristics. Some common commercial examples are fingerprint, face, iris, hand geometry, voice and dynamic signature biometric authentication.
Looking back, do you remember the day you decided to switch from dial-up to broadband technology? Biometrics will have the same effect once adopted by the masses.
The decision to switch to broadband had two common denominators: speed and convenience.
In the password world, the same analogy applies. What if you could achieve higher security combined with added convenience and efficiency without ever using passwords? Is this a good justification for another major revolution? Perhaps not yet, because many react to implementing security only after experiencing a crisis.
The solution that could simplify password security issues is biometrics. Biometrics provides an additional layer of security, efficiency and convenience for both users and IT administrators alike.
Here are a few facts you should know about most biometric solutions:
In general, a biometric solution is non-intrusive. Using biometrics, the fingerprint image is extracted into a binary template, then converted into an encrypted template and either stored onto the hard drive or sent over the network to a matching server. Reverse engineering to convert this data back into the fingerprint image is virtually impossible. Recent advances in capture hardware, such as some of the newer fingerprint devices, are producing better images with a smaller mechanism at a lower price compared to just a few years ago while, at the same time some can detect "liveness" of the fingers to help prevent enrollment or authentication by a dead or fake finger.
An additional consideration should be the ability of a system to operate seamlessly in multiple application environments, and across multiple devices from different vendors. This is known as interoperability. To be truly interoperable, a biometric solution should be able to operate on many databases, web application servers and many biometric capture devices. One might say the system should have the equivalent to open source architecture, much the same as Java became an interoperable platform that served as a catalyst to the widespread use of Application Servers.
We see today the inexorable movement to the adoption of biometric identification for the securing of many applications from logical and physical access to various forms of credentials such as driver's licenses, passports, and frequent flyer identification cards. How are we to interpret this shift to biometrics? Should we consider that such techniques are an invasion of our privacy? Are Michael Chertoff's statements that "a fingerprint is hardly personal data because you leave it on glasses and silverware and articles all over the world, they're like footprints. They're not particularly private" reflective of the beliefs of the populous at large?
It appears that the primary concern of all people should be the convenience and greater security that biometrics produces as well as the degree to which biometric templates are themselves secured. Any popular biometric identification system should include safeguards as to the integrity of its storage of biometric templates, strength of encryption, and resistance to be spoofed or hacked. By incorporating these features, the privacy of the biometric templates and attendant data of the system's users can be virtually assured. If these attributres are present, then the enhanced security provided by the use of biometric identification and biometric authentication can be confidently utilized to make our lives more secure and less vulnerable to attack.