Behavioral Biometric with SAFE

Rootkits, or any malware that nicks your private keys after you logged in.

Is the private key accessible?
I asked the same questions in another thread, about a total 0-ring compromise.

Should be stored in local memory in order to sign and decrypt stuff. Unless we get a hardware solution for that as well.

It is accessible, so we use NaCl keys and respect the formats and memory “hardness” there, for signing etc. it has to be, but there are chains of keys so revocation can happen in event of theft. There are a few other things like short lived keys, essentially though the private key needs to be available, it is the degree and responsibility per key that then becomes important. So multiple keys with differing responsibilities and only download and decrypt those keys you absolutely need. This will become a large part of the first security sprint for sure and then thereafter forever :wink:

6 Likes

I should add an area to look into if you are in this area is something I have not fully developed though. Using 2 accounts in a multisig manner for 2 factor auth, so log into your phone and computer say to access your account. Not yubikey but could be linked in this manner I feel. Anyhow it’s worth considering.

The other area is site visits logins in SAFE, using a SQRL type HMAC solution means unique verifiable visits where we can get the private key per site / location and, well basically do what SQRL does. This also links into the furthering security conversation. I am way into routing structures right now, but this will be a big focus soon.

9 Likes

Thanks for reminding me that we’re working with a new paradigm. The “usual” gets ingrained sometimes.

And I’m glad your comment brought others in to explore the “local compromise” scenarios. Not nearly as severe as a third-party data-store being compromised, but still good to be cognizant of.

1 Like

Severe weaknesses in Android handsets could leak user fingerprints

@dirvine Is there any impediment to implement FIDO U2F in SafeNet?

[Quote]“The technical working group of the U2F have a proposal on the table, so far it hasn’t been any major objections, in essence now that the browser can talk to the authenticator, one of the key pieces that the authenticator device needs to be implemented is what we call test of user presence.
So it is not good enough to leave your token in there, so if you are going to authenticate to the service, the service will provide a challenge and the authenticator will need to do something.
From my perspective the authenticator is blinking, and you have to touch it so there is an intent and to show to the browser that you are present. There is a challenge-response that is critical in this ecosystem” [/quote]

This would solve the problem of the “proof of unique human”, wouldn’t it?

Nope, can be fooled.

Also if someone found themselves suddenly disabled then alternative methods would have to be allowed, or else you start discriminating against those with particular disabilities.

Or it could even be not enough money to have a webcam.

As it has been said before

  • disabilities can mean that alternative methods have to be provided. If there is an alternative method then the biometric method is no extra security at all
  • people can have an “off” day and their particular biometrics are wrong. Even Iris scanning can fail due to temporary medical conditions.
  • Some people cannot purchase such biometric sensors.
  • Any bio sensor can be bypassed, fooled, hacked etc. (At this time and in the foreseeable future)
  • some countries do not have legal access to certain bio sensors. And some have no availability.
  • Many biometrics require data to be stored elsewhere and this presents a whole new set of risks and bypassing of SAFE’s anonymity.

If one is to have this type of security then it has to be mandated. If you allow an alternative method to sign on then biometrics can only be a convenient alternative and not a security feature. OR else the alternative has to be so difficult that it’s highly likely that the person will forget vital information in order to use that alternative.

The best method for security at this time is the use of a 2nd device to confirm details. EG crypto challenge/response of some type. Even 2FA using google’s thingo.

In any case it has to be the user who decides to use more secure login credentials, say for combating the potential of keyloggers. And the user still has to be allowed to login using an alternative method in case their out of band system is lost/broken. It is not an easy thing to fix, and google’s solution is for the person to write down the 2FA key string for the account and another device can have that 2FA key installed and used for the 2FA. Even that is not ideal because some people don’t have a smart phone and many more do not have access to a 2nd device they could use in an emergency.

Agree 100% Perhaps the biometric system is a ‘quick’ way to authenticate, but the default is a longer more involved non-biometric process.

I don’t know what you are talking about.
This u2f has nothing to do with biometrics

And behavioral biometrics doesn’t require any special device, just a regular keyboard.

It needs a camera (for detecting blinking) (Video > 1 hour & was too long to watch and I used the description you posted)

Ummmm “behavioral biometrics” is “biometrics”

Behavioral biometrics has major issues with illness, accidents that change the person’s behavior (eg broken bones, cancer, and 1000’s of other conditions.)

Current voice synthesizing technology seems very immature. I suspect that even when matured further in say 10 years, it will still be difficult to perfectly recreate a person’s voice.

Considering this, I propose using voice as a means of authentication. A voice signature/speech pattern is recorded and associated to the account. Using the user’s voice profile, SAFE could determine the authenticity of the voice regardless of what is said. Every time a user attempts to log in, that person must say a word or string that has never been used before by that user to avoid replay attacks. Interception is pointless as SAFE would never accept the same word/string again. I don’t fully understand the technology to know if this would suffice. Please, anyone better versed in that field, chime in on the feasibility when you get the time. I’m very curious! :grinning:

Who said anything about voice recognition?
Blinking? Wth?
What are you reading?

Please don’t reply if you don’t know what U2F is, you are saying nonsense.

Please can you provide a description as people haven’t watched the video. Posting videos is great for people who have time or desire to follow up, but it helps a lot to have text in a post as not many people have the time for all the videos and podcasts that are posted. I’d love to know what U2F is about and why you are so enthusiastic about it, but I have not had the time to check this video myself.

It’s in your post, the description of the video

I didn’t. And nobody in this thread recently.

I did. Though specifically about BEHAVIORAL biometrics, I had an idea for voice biometrics. Threw it in just to see what others thought. I see now it’s either all or nothing. Forgive my gross deviation. :expressionless:

Wow, you really didn’t care about the context.
The device flashes to indicate that a challenge is ready.
It will really help you if you actually watched the video.

I hoped people watched the video after reading the promising extract. But I guess I made a mistake, because nobody really bothers to go to the source.

U2F stands for Universal 2 Factor, it is a protocol created by the FIDO Alliance.

These are the members:

Read the Specs Overview here:

To test it out I just acquired a Yubikey NEO with the new U2F implemented, and got it registered with my gmail accounts. (This is totally different to what Yubikeys used to do)
In a nutshell Google (or whichever service) sends a cryptographic challenge to my U2F device through the browser. The browser confirms the origin of the challenge, and the Yubikey only signs the request when you have a physical contact with it.

The whole purpose of U2F is to eliminate passwords altogether, and replace with something so practical that even your grandma could use it, without compromising security.

My recommendation is to actually watch the video and then form your opinion after having a deeper understanding of what we are talking about.
It is quite frustrating to be asking about apples, and getting a response about pears.

More links:

http://sites.google.com/site/oauthgoog/gnubby

But really, it is more user friendly to just watch the video and get the overview from there.

Very cool and interesting. Some notes (needs checked). Let’s start with I like it though :wink: It’s progress at least

  1. It is a 1FA really allowing 2FA to happen. At the moment it’s a thing you have and it logs you in.
    So it could be linked with a password (what the presenter says get rid of) or pin (which he accepts, but is essentially the same).
    It could also use biometrics LOCALLY (never transmitted) so say include a fingerprint scanner that obfuscates/decrypts the included private key. If local this could be OK as it’s something you have and something you physically supply. Issue is many fingerprints now stolen and I presume can be 3d printed or similar. In the case of SAFE though as your login is not tied to any public persona this would be OK unless a thief stole your device and knew your fingerprint.

  2. It won’t help unique human I don’t think as you could have many devices with different keys afaik.

  3. I am not sure the makeup of the server component, but assume it could be decentralised with some ease. I think it would require some working out how to attach that to SAFE sites and the like, but far from impossible.

So in conclusion, I think this is one to watch and especially stuff like it, it’s a bit like a usb holding a key and using that (like in ssh) but a bit more advanced.

I must say though the IoT type devices that generate keys may be great, but I think we need to be aware of the random number generators there and how they get entropy (on that I have been playing with Lorenz attractor circuits, not sure why it’s not been done previously, but have yet to make measurements of entropy).

Cheers for vid, sorry took so long to watch, you would not believe the amount of such requests I get, good we can watch at 1.5 2X speed in many cases.

Thanks!
I’ve been reading more into the specs, there are a couple of things that aren’t mentioned in the video.
The protocol doesn’t specify how to handle the private keys.
Based on the “Implementation Consideration” it is suggested to save the private key wrapped in the server, not in the device.

[Quote=U2F Spec - Implementation Consideration]2.2 Generation of Key Handles

U2F tokens might not store private key material, and instead might export a wrapped private key as part of the key handle. If a U2F token chooses to do this, then the following must be taken into consideration:

  • The U2F token should employ a cipher that offers the best possible security on the given hardware. Sometimes, hardware offers better protections against certain attacks for “weak” ciphers (e.g., 3DES) than against “strong” ciphers (e.g., AES). Implementers should carefully weigh the pros and cons of different ciphers on the hardware platform that they’re implementing on.
  • Given a particular U2F token and a relying party, the relying party should not be able to tell the difference between a key handle that was issued for a different token, and a key handle that was issued for a different relying party. (The concern is that a site, evil.com, might want to find out whether a given token has been registered for a site embarrassing.com, and would be able to do so if it had key handles from embarrassing.com if it could tell the difference.) The two error conditions (“wrong key handle” and “wrong origin (but correct key handle)”) should not be distinguishable to the relying party, through careful timings or otherwise.[/quote]

But some manufacturers like Hypersec seem to save private keys in the device (that’s why I guess it has the limitation of registering it only in 63 sites), others like Yubico use deterministic encryption to avoid saving keys in the device and yet not saving it in the server either, and also this allows it to be used in any number of sites without limitations.

From Internet Security and Company Blog | Yubico

I guess that making everyone register all 10 fingers offers an acceptable redundancy.

Should I open up a new thread on FIDO U2F & UAF?

1 Like
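
Added example (not part of the thread, and not Yubico's or the U2F spec's code): a toy token that stores nothing per site, re-deriving each site key from one device secret as in the deterministic approach described above and the HMAC-per-site idea behind the SQRL-style logins mentioned earlier. The `Token` class, the `b"key"`/`b"tag"` labels and the HMAC response standing in for the real public-key signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Token:
    """Toy token: one device secret, no per-site storage (constructed scheme)."""

    def __init__(self, device_secret=None):
        self._secret = device_secret or secrets.token_bytes(32)

    def _mac(self, label, app_id, nonce):
        # Domain-separated HMAC under the device secret; nonce is fixed-length.
        return hmac.new(self._secret, label + nonce + app_id, hashlib.sha256).digest()

    def register(self, app_id):
        # Key handle = random nonce + tag binding it to this token and app_id.
        # The relying party stores it; the token keeps nothing per site.
        nonce = secrets.token_bytes(32)
        return nonce + self._mac(b"tag", app_id, nonce)

    def authenticate(self, app_id, key_handle, challenge, user_present):
        if not user_present:  # test of user presence: no touch, no answer
            return None
        nonce, tag = key_handle[:32], key_handle[32:]
        # Do the same work on every path, so a handle from another token and a
        # handle from another origin fail in the same way.
        site_key = self._mac(b"key", app_id, nonce)  # re-derived, never stored
        ok = hmac.compare_digest(tag, self._mac(b"tag", app_id, nonce))
        # Stand-in for the public-key signature a real token would return.
        response = hmac.new(site_key, challenge, hashlib.sha256).digest()
        return response if ok else None


if __name__ == "__main__":
    token = Token()
    site = b"https://example.com"              # constructed app id
    handle = token.register(site)
    challenge = secrets.token_bytes(32)        # fresh per login, sent by the site
    print("touched:  ", token.authenticate(site, handle, challenge, True).hex())
    print("no touch: ", token.authenticate(site, handle, challenge, False))
    print("other site:", token.authenticate(b"https://evil.example", handle, challenge, True))
    print("other token:", Token().authenticate(site, handle, challenge, True))
```

Because the wrong-origin and wrong-token cases both return `None` after identical work, a site holding someone else's key handle learns nothing about where that token is registered, which is the property the quoted spec section asks for.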