10

This article quotes the CEO of Image Ware,

[The solution] according to Miller, is multi-modal biometrics which he claims makes it virtually impossible for the wrong person to access computer systems.

His company uses existing hardware and platforms, connecting physical feature recognition algorithms (finger, palm, hand and prints, and face, eye, iris ) with other algorithms employing common biometric data sensors found on today's mobile devices.

My gut feeling is that he has overstated this somehow, but I can not put my finger on why this rings untrue. It seems to me that if a multi-sensor approach was truly effective we would see hardware and software for such strategies everywhere by now.

Can an IoT network of diverse sensors be an efficient and effective security strategy? (Is the multi-sensor approach effective? )

What are the pitfalls?

Helmar
  • 8,450
  • 6
  • 36
  • 84
grldsndrs
  • 375
  • 1
  • 10

2 Answers2

10

The technical answer to is this security unbreakable? is "no". The primary reason is that biometric attributes are not secrets. Some are easily duplicated, like fingerprints, or images of faces. Some are harder to spoof, like irises. But once a biometric attribute is captured, it can be replayed. And biometric attributes are fixed. If a user's attribute is ever copied, you obviously can't tell the user "we've had a breach, change your iris."

It is highly unlikely that an average thief will be able to spoof all of the biometric sensors simultaneously. However, it would not be impossible for a dedicated, sophisticated attacker to engineer such a feat.

In addition to sensor spoofing, it may be possible to perform a replay attack using the data emitted by the sensors. However, this would be implementation dependent, and one would expect a company to architect the security of their devices against this type of attack.

This is where the IoT approach might provide worse security than an integrated solution. If the sensors are unrelated to each other, an attacker could compromise one device at a time without raising suspicion. The attacker can practice with a fake gummi-bear fingerprint until he gets that perfected, then he use that fake fingerprint while he practices with a photo to fool the image sensor. An integrated sensor could be architected to require all attributes to be present at the same time; the IoT approach could be implemented in a piecemeal fashion, with vulnerabilities created by the gaps between the systems.

Practically, this approach still sounds very secure, and would be better security than a simple passcode or a single biometric measurement.

John Deters
  • 2,552
  • 13
  • 21
2

First, the quote seems to have been about securing mobile devices, not about "an IoT network of diverse sensors", but some lessons can perhaps still be drawn.

Unlike with a mobile device, an "IoT network" of sensors tends to imply that they aren't all in the same place, so a user likely can't be expected to qualify in the judgement of all of them at once. This means that a system would need to be very provisional about the authenticity of the user - in effect:

You walk like Joe and know Joe's password, so maybe you are Joe, and I'll let you do Joe's less critical things unless I start suspecting you aren't Joe, but to do something more critical you're going to have to go here and do this, and go there and stare into that, and repeate the following phrase, and...

But as critically, and in common with the mobile device case, such a scheme only secures the front door. It offers no protection against at least three other types of vulnerability.

  • Many exploits against modern systems come not from a malicious user, but rather from malicious data delivered via a network, USB stick or similar, either in the form of unsolicited traffic, or undesired payloads catching a ride on things that the user does want. Typically such data exploits a security failure in the design - either an insecure optional feature that shouldn't be there (windows autorun files) or a classic mistake-data-for-code bug like a buffer overflow.

  • Both IoT systems and mobile phones tend to be heavily integrated with network servers, with the latter often given a high degree of access to the same data or the capabilities the mobile system's security is trying to protect. Absent things like end-to-end encryption and authentication tokens not known to the server infrastructure, a successful attack or misuse of the server infrastructure can often accomplish most of what bypassing the device's security could.

  • IoT systems, likely even more so than mobile devices, may be quite vulnerable to physical attack. Phones may attempt to secure the keys used to encrypt a user's data against ready access with a JTAG debugger, but what an IoT system holds locally is often not so much data, as the ability to do various things. It effectively matters not a bit to a local attacker how secure the computer part of an IoT device is, if they can simply pop off the cover and use a clip lead to activate the output relay - or for that matter, cut the wires going to the actuator and touch them to their own battery. Or an attacker may create false conditions at the site of the IoT device's sensors (candle under the heat sensor, wet sponge on the moisture, etc), and cause it to uplink or act on erroneous readings.

Chris Stratton
  • 1,898
  • 8
  • 18