IEEE Technology and Society Magazine - September 2016 - 65

Authentication by Device
Our initial discussion suggests that biometrics are not a
practical solution that can solve tomorrow's authentication problems in a sustainable way. But could biometrics
provide part of such a solution? Is there a way to utilize
and apply biometric technology that will not risk kick-starting
a huge new segment of the cybercrime industry?
Consider that our smartphones are always with us, and
they are becoming increasingly integrated with our environment. Recently I noticed that my laptop is responding
to phone calls before my phone (they are paired) so I
found myself taking calls on my laptop as it was easier and
faster than pulling the phone out of my pocket! The same
linking occurs in my car and soon throughout my home.
So could we take advantage of this to use our smartphones as engines to support personal authentication?

En-Phone Me Baby
The problem of biometric theft becomes significant
when you store a biometric pattern in a central repository or database, or if you encode it in a repeated email
signature or any regular data store. The sheer number
of biometric signatures that can be obtained by having
such resources makes these very attractive targets for
cyber criminals. If the rewards are large enough, criminals can find the seed financing and resources needed.
However, what if the biometric is used to generate an
enrollment key and that is what is stored, rather than
the biometric itself? This eliminates a key risk. If the key
is stolen, it is a straightforward process to generate and
register a substitute enrollment key. But you need
"something" to generate this key and this "something"
must also be available later to decode the key and close
the authentication loop. That "something" has to be
quite generic and widely available.
Is there some "device" that practically every adult
carries around with them every day that could perform
that function?
It doesn't take a rocket scientist to realize that your
smartphone could provide such a function. They are
always with us. And they are "observing" and "listening
to" us on a daily basis. So capturing recognizable physical
characteristics is relatively straightforward via our daily
use of these devices. They can be repurposed to acquire
a range of our biometrics through our daily use patterns
and thus build a profile of the device user that can be
used to continuously authenticate and (where needed),
authorize access to services and confirm transactions.
Brave new world here we come ...

The Zen of Zero-Knowledge-Proof
You may still be uncomfortable that someone can break
into or steal your device and access your biometric
data. In fact this concern is moot, because your device
will never store your biometric data directly. Instead it
will store a code derived from your data and the way it
derives that code can, if necessary, be changed.
So all that your device really does is to verify that it
has scanned your data recently and was able to generate
valid authentication code(s). There can also be an additional layer of security here, because your device could
store your authentication code in a secure memory and
never export it. Instead it can use a well-known cryptographic technique - zero-knowledge-proof (ZKP) - to
authenticate you to a network-based service where you
are enrolled [11]-[13]. This serves two purposes. First, the private key generated by your device, from your biometric,
never leaves your device. In fact it will be secured in a
special area of memory that cannot be accessed by the
main device CPU.
The second reason to use ZKP is that the bulk of the
cryptographic processing does not occur at the server -
in fact your device must do all the heavy computational
work. The server creates challenges that only the associated client can solve using a private key generated from
the user biometric. To increase the security level, the
server simply generates more sophisticated challenges
for the client.
Although initially counter-intuitive, it quickly
becomes clear that there are some key advantages to
this approach. Among these, the main cryptographic
processes are not implemented on the network server
and thus the attraction of obtaining millions of compromised access codes by breaking a single server-centric
cryptography process is removed. Instead it becomes
necessary to break a unique process for each device
with the reward of a single access code. This does not
justify the required scale and cost of resources, depending, of course, on whose device is being attacked.
A second benefit is in terms of scalability. As the main
computational load is distributed across many individual
devices, the service can scale to many users without adding large amounts of computing power. And individual
smartphones are now more than powerful enough to run
the cryptographic solver algorithms in reasonable timeframes (i.e., a maximum of several seconds). ZKP is an
ideal match for this problem as it keeps the most important functional elements of the cryptography distributed
across millions of devices. And the reward for breaking
the code on a particular device is limited to that single
device. This acts as a strong disincentive for cybercriminals who can find easier pickings elsewhere.
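
The enrollment and challenge-response flow described in this section and under "En-Phone Me Baby", as an added example that is not from the article: the server stores only a public value, the device proves knowledge of the matching private key, and re-deriving with a new salt replaces a stolen enrollment. Assumptions: Schnorr identification stands in for the ZKP scheme (the article does not name one), the biometric has already been reduced to a repeatable byte string, a salt is the changeable part of the derivation, and all function and class names are illustrative.

```python
import hashlib
import secrets

# RFC 2409 Oakley Group 1 safe prime (768-bit). Demo-sized: a deployment
# would use a group of at least 2048 bits or an elliptic curve.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares mod P
G = 4             # a square, so it generates that subgroup

def derive_secret(biometric_code: bytes, salt: bytes) -> int:
    """Device: derive the private scalar x. A new salt gives an unrelated
    key, which is how a stolen enrollment is replaced (assumed mechanism)."""
    raw = hashlib.pbkdf2_hmac("sha512", biometric_code, salt, 50_000, dklen=128)
    return int.from_bytes(raw, "big") % (Q - 1) + 1

def enroll(x: int) -> int:
    """The only value the server stores: y = G^x mod P."""
    return pow(G, x, P)

class Prover:  # device side, holds x
    def __init__(self, x: int):
        self.x = x
    def commit(self) -> int:
        # Fresh nonce per login: reusing r for two challenges reveals x.
        self.r = secrets.randbelow(Q - 1) + 1
        return pow(G, self.r, P)
    def respond(self, c: int) -> int:
        return (self.r + c * self.x) % Q

class Verifier:  # server side, holds only y
    def __init__(self, y: int):
        self.y = y
    def challenge(self, t: int) -> int:
        self.t, self.c = t, secrets.randbelow(Q)
        return self.c
    def check(self, s: int) -> bool:
        return pow(G, s, P) == (self.t * pow(self.y, self.c, P)) % P

def login(x: int, y: int) -> bool:
    """One commit / challenge / response round between device and server."""
    prover, verifier = Prover(x), Verifier(y)
    return verifier.check(prover.respond(verifier.challenge(prover.commit())))

if __name__ == "__main__":
    x = derive_secret(b"constructed-biometric-code", b"enrollment-1")
    print("enrolled device accepted:", login(x, enroll(x)))
```

A server breach in this model yields only the public values y, which do not let the holder answer a challenge, and real biometric readings are noisy, so the repeatable-code assumption would in practice need an error-tolerant extraction step in front of `derive_secret`.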

My Phone, My Biometrics ... All Mine!
And so we close the circle.
While today it is pretty difficult to lose your phone, if
you do so (or it is stolen), it has become very easy to
wipe all sensitive data. Phone manufacturers understand
