{"id":1381,"date":"2009-08-06T22:43:41","date_gmt":"2009-08-07T03:43:41","guid":{"rendered":"http:\/\/www.coresecuritypatterns.com\/blogs\/?p=1381"},"modified":"2009-08-06T22:43:41","modified_gmt":"2009-08-07T03:43:41","slug":"biometrics-based-encryption-digital-signatures","status":"publish","type":"post","link":"https:\/\/websecuritypatterns.com\/blogs\/2009\/08\/06\/biometrics-based-encryption-digital-signatures\/","title":{"rendered":"Biometrics based Encryption &amp; Digital Signatures ?"},"content":{"rendered":"<p>Just read this <a href=\"http:\/\/www.springerlink.com\/content\/h16p570761874047\/\" target=\"_blank\">interesting research paper published by Prof. Bobby Tait and Prof. Basie von Solms <\/a>of the <img loading=\"lazy\" decoding=\"async\" class=\"alignleft\" src=\"http:\/\/www.financialcryptography.com\/images\/minority_report.jpg\" alt=\"\" width=\"126\" height=\"186\" \/>University of Johannesburg (South Africa), explains how a person&#8217;s\u00a0biometric fingerprints\/Iris scans\u00a0can be used as a protocol\u00a0to perform private key based encryption and digital signatures.\u00a0 The paper describes a biometric middleware infrastructure (BioVault) which requires users to performs biometric authentication\u00a0for\u00a0generating or retrieving\u00a0a random key from user&#8217;s keystore. The selected key is used to perform the required encryption or signature operation. If Alice and Bob exchanges messages using their secret key they are required to authenticate with biometrics. The only advantage of this process is the user don&#8217;t need to remember a password or carry a smartcard\/PIN to support accessing their keystore &#8211; as it uses fingerprint or Iris pattern based authentication prior to initiating the operations.<\/p>\n<p>I am not sure, how accurate the solution will be given the &#8220;False Acceptance Rate (FAR)&#8221; with Biometrics especially with Fingerprints.\u00a0 With all the highest accuracy, as I noted&#8230;.\u00a0Iris recognition&#8217;s\u00a0FAR is 1 in 1.2 million and with Fingerprints\u00a0FAR may occur 1 in 100,000. \u00a0 And there is no guidance on &#8230;how reliable is the solution in case of a MITM attack that compromises the user&#8217;s biometric sample&#8230;.? Still It is an interesting work &#8211; but\u00a0in my opinion using a conventional\u00a0PKI based solution has its own security advantages over the several inherent reliability issues with biometric authentication.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just read this interesting research paper published by Prof. Bobby Tait and Prof. Basie von Solms of the University of Johannesburg (South Africa), explains how a person&#8217;s\u00a0biometric fingerprints\/Iris scans\u00a0can be used as a protocol\u00a0to perform private key based encryption and digital signatures.\u00a0 The paper describes a biometric middleware infrastructure (BioVault) which requires users to performs biometric authentication\u00a0for\u00a0generating or retrieving\u00a0a random&#8230; <a href=\"https:\/\/websecuritypatterns.com\/blogs\/2009\/08\/06\/biometrics-based-encryption-digital-signatures\/\">Read more &raquo;<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2,6,8,9],"tags":[24,57,62],"class_list":["post-1381","post","type-post","status-publish","format-standard","hentry","category-biometrics","category-main","category-pki-main","category-security","tag-biometrics-main","tag-pki-main","tag-security"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/1381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/comments?post=1381"}],"version-history":[{"count":0,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/1381\/revisions"}],"wp:attachment":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/media?parent=1381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/categories?post=1381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/tags?post=1381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}