Comments

Errorcod3 August 24, 2015 12:23 PM

The unique pattern of how the heart pumps blood, should it not be the same if transplanted to another person? Or will the circulatory system as a whole affect the heartbeat?

I am thinking that a heart transplant will not be a valid signature, and you would not be able to steal someone's identity.

bogorad August 24, 2015 12:32 PM

Got one of those devkits as soon as they started selling them. They got the wrist sizing wrong, otherwise a solid security solution. Way too little support though. But I’m hopeful.

me August 24, 2015 12:51 PM

And we navigate this brave new world how, exactly? Nobody that I’ve seen has been talking about the full spectrum of uses to which these new abilities can be put.

Anura August 24, 2015 12:53 PM

As with all Biometrics, we should not rely on them as if anyone ever figures out a way to forge it, they become completely useless if anyone ever records your retina/face/fingerprint/heartbeat/whatever.

lazlo August 24, 2015 12:57 PM

There has got to be a movie plot here about someone having a heart attack who can’t unlock their phone to call for help.

Alien Jerky August 24, 2015 1:05 PM

Are there enough unique identifiers to delineate uniquely each of the 9 billion people in the world without false positives?

Alan Kaminsky August 24, 2015 3:11 PM

This heartbeat band isn’t going to solve the problem. I’m sure one’s EKG signature would be different when viewing, say, amazon.com versus ashleymadison.com. Unless they start attaching biometric sensors to additional parts of the body…

David Leppik August 24, 2015 3:40 PM

Note that the Wired article is dated June 2014. I’d assumed the Apple Watch is using something like this for payments, but I don’t know.

The question is whether you actually need an ECG device of the type they describe, or if other pulse measuring devices (such as Apple’s or Fitbit’s) will work. Or even if you can use pulse measured from a regular video camera using Eulerian video magnification.

trsm.mckay August 24, 2015 6:12 PM

Have not seen much public disclosure, so I can’t discuss details. I will point out this link: http://www.pcworld.com/article/258692/intel_confirms_acquisition_of_heartbeat_biometrics_company_idesia.html.

I will reiterate some of my past comments on the topic with the following summary:
1) There is no single perfect biometric (otherwise we would be using it 🙂
1a) Multiple biometrics (especially when they are interdependent) can improve security (though some care is needed to properly evaluate the quality attributes of each separately, see https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-482.pdf)
1b) I think authenticators will end having to be flexible, using biometrics based on user preferences, client capabilities, and the risk level of the action being authenticated.
2) Think of biometrics as user presence detection (preferably a unique individual detected).
2a) Biometrics have different attributes than what-you-know (e.g. passwords). This requires new designs; you can’t simply replace them like interchangeable factors (this type of thinking leads to objections that you can’t occasionally change your biometrics like a password).
2b) The natural attacks against biometric authentication are replay (externally with things like gummy bear fingerprints and pictures; or internally by capturing some elements of a past successful authentication).
3) Privacy (and potentially the multiplicity of biometrics types) has interesting impacts on where authentication occurs, and the need for proxy verifiers. In an ideal world I would prefer the strength and relative simplicity of end-to-end authentication, but I think we are much more likely to see trusted clients doing proxy authentication — along the lines used by Apple in the iPhone fingerprint system.

Dirk Praet August 24, 2015 6:57 PM

@ Anura

As with all Biometrics, we should not rely on them as if anyone ever figures out a way to forge it, they become completely useless …

The nail on the head. My opinion on biometrics has always been that it is more like a userid than a password, and that they only make sense in 2FA.

Thoth August 25, 2015 2:03 AM

@all
The security best practices for any biometrics in the wild is not to rely on just biometrics but to use it as Multi-Factor Authentication (MFA) schemes. Biometrics rely on the “What You Have” factor of MFA and PINs/Passwords are the “What You Know” factor.

The proper deploying of biometrics is to pair the biometrics with a PIN/Password or to combo biometrics with PKI certs and PIN/Password to form a 3FA or MFA scheme.

Most deployments of MFA use smartcards or hardware tokens as the security root of trust to securely store biometric data points and user PINs. Some of them would also store conventional PKI certs with biometric datapoints and PINs to form a MFA scheme.

Clive Robinson August 25, 2015 4:19 AM

Back in 2000 I took part in an EU Sponsored event on Crypto and security.

We were discussing some of the issues with how an insider might attack a bank by pretending to be an external attacker.

The subject of Bio-metrics of “life signs” came up such as heartbeats and brainwaves, and I commented at the time that “I know it’s going to be time to retire when Bill Gates requires me to have a five pin DIN connector in the back of my head”.

I was nastily reminded of this by the latest Win10 advert that has a happy ~6-year-old girl smiling cutely to camera with the tagline of how she will never have to remember another password because Win10 would use her smile. The first time I saw it I was appalled and it really creeps me out.

I don’t know about other people but since that 2000 EU event it occurs to me more and more that the push to bio-metrics is actually not about “security” of resources but “assigning culpability” for resource loss at some point after the loss.

That is, the industry has given up on securing resources and now wants to make sure they can point the finger of blame at people, without the people being able to defend themselves. Thus giving LEOs the equivalent of tangible “Fingerprints and DNA at the scene of the crime” in the intangible world of information.

The UK Government keep getting the very bad idea that a universal ID card would be some kind of Magic Pixie Dust that would “Put all the ills of the world to rights”.

The Politicos [1] were thus not pleased when Stella Rimington, who had been the head of one of the UK MI’s, pointed out publicly it was not workable and thus not just a bad idea but an expensive waste of resources.

She pointed out that there was no way to reliably tie a physical identifier in the tangible world to information processing in the intangible world in a reliable way, nor was it desirable to do so. This still holds true today, in that ultimately the conversion of the physical identifiers to information identifiers will always be vulnerable to various attacks, and likewise the logs and audit trails, and the systems that convert the information back to a physical presentation for humans to interact with in court etc.

The very hard lesson many people have to learn is that no matter how hard you want them, there are some things you just cannot do. One of which is to force the failing assumptions of the tangible world humans interact with onto the intangible world of information and expect it to not have even more failings.

As long as the “Magic Pixie Dust” and “CSI Effect” myths exist in people’s heads “snake oil” will be traded at premium rates, and we will also not have security of information and people will be falsely accused and convicted because of it.

And at the end of the day bio-metrics are premium snake oil, sold because of invalid and known to be false assumptions, and this idea is no better than the others.

Security of information may be a very hard problem to solve, but at the end of the day not as hard as doing the impossible, which is what bio-metrics is all about. They are, when all is said and done, no different to a magician’s illusions, all smoke and mirrors just for show.

[1] I assume part of the political displeasure from the then PM Tony Blair and his “New Labour” ideas originating from his unaccountable “No10 policy unit” was that they were going to lose the major “kick backs” into the party coffers that such a boondoggle would provide (a part of the scandal that mired many of “New Labour’s” people in criminal investigations and was typified by Tony Blair’s “we’ll take money from anyone” comment on television).

SoWhatDidYouExpect August 25, 2015 10:03 AM

@Clive:

Excellent assessment!

On this specific point:

“I was nastily reminded of this by the latest Win10 advert that has a happy ~6-year-old girl smiling cutely to camera with the tagline of how she will never have to remember another password because Win10 would use her smile. The first time I saw it I was appalled and it really creeps me out.”

My thought exactly when I saw that commercial. A good reason to skip Windows 10 and all its “make believe” security intrusions.

SoWhatDidYouExpect August 25, 2015 10:22 AM

Speaking of creepy:

Microsoft may be working on an electric shock notification system

http://www.techspot.com/news/61861-microsoft-may-working-electric-shock-notification-system.html

From the post:

“Microsoft may be working on a new notification system that alerts users by giving them a mild electric shock.”

And, it’s patented! Well, soon maybe:

The company has filed a patent application titled “wearable computer having a skin-stimulating interface” which describes the process as “providing electrical stimuli to the skin of user to convey information to a user.”

How close is that to the thing plugged into the back of your brain?

When I was a young man living on my grandparents’ farm, I came into contact (physically) with a device called the electric fencer. It could drop a pig to its knees or kill a small animal. I suppose this new Microsoft electric shock device will be among those connected to the IoT (internet of things). Lacking adequate security in that realm, the possibility of a death-enabling shock is a possibility. Smile and get your reward!

Anura August 25, 2015 1:13 PM

@SoWhatDidYouExpect

I think we’re decades away from having chips physically wired into our brains (and I am not going to have chips wired into my brain until they can be vetted and verified independently!), but neural interfaces are pretty much here, and people have controlled computers entirely with their brain. We’ve even demonstrated synthetic telepathy over an internet connection in the past.

r August 25, 2015 7:13 PM

I’m saying this now: I’ve been thinking about a device for heart rate over Bluetooth or something similar for a couple of months now. I don’t know if anyone else has thought of the effects of this yet or not, but biometrics isn’t the half of it: the uses are profoundly security enabling in my book.
This could be used to control your lock screen, a memory wipe for anti-forensics. A live feed with or without a baseline heart rate could be used for access to cash safes and vaults but not to gun safes. A car could ask to dial 911 automatically, ESPECIALLY if it doesn’t hear a response; a Bluetooth-connected device might aid against carjacking. The lock screen/memory wipe is the best aspect. An encrypted and journaled? file-system could have its last blocks salted and dumped. I have been looking into Fitbits and other devices; sure, an advanced device would be nice, but a small simple sensor with a live feed and some sort of jamming resistance would be nice.

Can cell phones detect heart rate yet?
That’s all I’ve got for now, I hadn’t seen or heard of those uses anywhere yet so thought I might post them here first.

Maybe I shouldn’t post it, I don’t know.

#2015© ras 😛
Sorry I didn’t see a EULAgy on your site, Bruce, so I figure this is a public digital space and reserve property rights if available within the public domain.

Dirk Praet August 25, 2015 7:58 PM

@ Anura

… but neural interfaces are pretty much here, and people have controlled computers entirely with their brain.

I remember a House MD episode in which they got a paralyzed patient to move a screen cursor up and down a line to answer yes/no questions. When I looked it up, that system did indeed turn out to exist.

Thoth August 25, 2015 8:14 PM

@r
What happens if a user has been on drugs or had heart surgery? What will happen to the baseline? Will it trip a trigger and wipe the data?

r August 25, 2015 11:00 PM

@thoth
Yeah sure, a simple EKG over Bluetooth would be prone to false positives such as that; personally I wouldn’t mind having to re-enter my key and lose a little work if it’s still fresh in my mind. I’d already considered that; so people with arrhythmias might be excluded, so what? I don’t think drugs would be a factor unless your device or “its” monitor keeps a long-term baseline… I only see guns, flashbangs and loud knocks causing hiccups for this, but I’m also neither doctor nor nurse… Although, one may be able to ‘juke’ such a setup. I think it’s far superior to a voice/sound modulated system for FDE and anti-forensic behavior. I can imagine jamming scenarios where losing the device’s signal in noise would force a wipe; a device impersonation attack might work, but flooding should be defensible? Another possible issue I can imagine is measurability delays; how big is the window from the start of the spike to an identifiable change in heart rate?

Basically, I see ‘heart biometrics’ as enabling /access/ where this facilitates /denial/.
Mashing a keyboard would get you shot, answering your door leaves the keyboard open…

I’ve been shopping around just out of curiosity because of this for a while; if I could keep my Lenovo running I’d have found a device to script this with by now, I think.

Maybe I’m a fool, maybe this shouldn’t be in the public where non-reverse engineers can see it but…

Another potential use is akin to life-alert bracelets; that would be ideal as mic+speaker+EKG+motion+cell radio.
Really, cellphones in that respect are overkill.

But wiping your keys from ram? Surely you cryptographers are unfamiliar with startling visits from unwanted visitors, some people may not be so lucky.

I found myself wondering even about detecting the user of a mouse being present vs the presence of a ‘jiggler’. I’m certain a jiggler provides irregular short-distance movement vs manual real human input and should be detectable up to a point of sophistication.

latsot August 26, 2015 5:14 AM

I have the Nymi dev kit. We’re working on using it in some gaming and healthcare applications.

When you put the band on, you have to activate it by scanning your ECG when it’s in bluetooth range of a paired device (your phone or PC). You have to be logged in to that device to activate it so there’s something you need to know (your password) in order for the band to work. When the band is removed or cut, it must be reactivated before it will work again.

Once the band is activated, you don’t need to scan your ECG again to authenticate.

latsot August 26, 2015 5:35 AM

I should also point out that heart rate isn’t an issue. It’s your ECG that’s being measured and, according to Nymi, the characteristic shape of a person’s ECG doesn’t vary with heart rate or normal living, and recreational drugs shouldn’t be a problem.

I’m not a physician, but it doesn’t seem unreasonable to speculate that people taking medicines for heart conditions might have problems when activating the band at different times of the day. I’ve no idea whether this sort of thing has been tested.

@r: take a look at the Nymi developer forum (you have to register). There are people building the sorts of application you mention and some other inventive stuff. The band comes with software to unlock your phone or PC when you’re close and Nymi’s plan is to create an ecosystem that does the same. Its vision is one where your Nymi band is your hotel key, activates the room TV and changes to your preferred channel, unlocks your car…. It has accelerometers, too and you can do stuff with gestures. Nymi envisions using door-opening gestures to open doors, for example. The band has quite a lot of potential and it’s cheap. Well, the dev kit is.

It’s worth noting that the ECG feed is not continuous. Because it’s ECG and not heart rate, you need a signal from both sides of the body. So there are sensors on the top and bottom of the band. You wear it on one wrist and touch the top sensor with the finger of your other hand. So it couldn’t call an ambulance if you had a heart attack, for example.

But check out the forum if you’re interested.
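The activation flow latsot describes above (ECG scan only while the band is worn and within range of a paired device you are logged in to; removal or cutting the band deactivates it; no re-scan while it stays on) is also a concrete instance of trsm.mckay’s points 2b and 3 and of Thoth’s MFA remark: the biometric acts as a presence gate on a device-held secret, not as the secret itself. The following is an added toy model, not Nymi’s code or protocol; the HMAC challenge-response, the per-band key, the `PairedHost`/`Band` classes and the mean-absolute-difference ECG match are all my assumptions, and the ECG samples are constructed numbers.

```python
"""Added example (not Nymi's code): toy model of a wearable whose ECG match
only *unlocks* a device-held key; the host authenticates the band with a
fresh-nonce HMAC challenge. Assumed design, not the product's protocol."""
import hashlib
import hmac
import secrets


def ecg_matches(template, sample, tol=0.15):
    """Constructed stand-in for template matching: mean absolute difference
    of equal-length normalised samples must fall within the tolerance."""
    if len(template) != len(sample):
        return False
    return sum(abs(a - b) for a, b in zip(template, sample)) / len(template) <= tol


class PairedHost:
    """The phone/PC the band was paired with. Holds the band key from pairing
    and tracks whether the user is logged in (the what-you-know factor)."""

    def __init__(self, band_key):
        self.band_key = band_key
        self.logged_in = False
        self._seen = set()          # nonces already answered: blocks replay

    def challenge(self):
        return secrets.token_bytes(16)

    def verify(self, nonce, response):
        if response is None or nonce in self._seen:
            return False
        self._seen.add(nonce)
        expected = hmac.new(self.band_key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Band:
    """Worn device: key is usable only in the 'active' state, which requires
    the band to be worn, the host logged in, and an ECG match at activation."""

    def __init__(self, key, ecg_template):
        self._key = key
        self._template = ecg_template
        self.worn = False
        self.active = False

    def put_on(self):
        self.worn = True

    def remove(self):                # clasp opened or strap cut
        self.worn = False
        self.active = False

    def activate(self, ecg_sample, host):
        if not (self.worn and host.logged_in):
            return False
        if not ecg_matches(self._template, ecg_sample):
            return False
        self.active = True
        return True

    def respond(self, nonce):
        if not self.active:
            return None
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


def run_scenario():
    """Walk through the states and return what each step yields."""
    key = secrets.token_bytes(32)
    template = [0.0, 0.1, 0.9, -0.3, 0.0, 0.2, 0.0]      # constructed
    live_ecg = [0.0, 0.1, 0.85, -0.25, 0.05, 0.2, 0.0]   # constructed, close
    host = PairedHost(key)
    band = Band(key, template)
    out = {}

    band.put_on()
    out["activate_without_login"] = band.activate(live_ecg, host)
    host.logged_in = True
    out["activate_with_login"] = band.activate(live_ecg, host)

    n1 = host.challenge()
    r1 = band.respond(n1)
    out["auth_no_rescan"] = host.verify(n1, r1)          # ECG not needed again
    out["replay_old_exchange"] = host.verify(n1, r1)     # same nonce/response

    # A copied ECG sample is not a credential: without the band's key the
    # host never sees a valid response, so a recorded waveform alone fails.
    n2 = host.challenge()
    out["stolen_ecg_only"] = host.verify(n2, None)

    band.remove()
    out["respond_after_removal"] = band.respond(host.challenge())
    return out


if __name__ == "__main__":
    for step, result in run_scenario().items():
        print(f"{step:24s} -> {result}")
```

The model separates the three things latsot lists: something worn (the band and its key), something known (the host login) and the ECG gate at activation. Note that the replay check lives on the host, keyed by nonce, so even a perfect recording of a past exchange does not authenticate, which is the "internal replay" case in trsm.mckay’s 2b.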

noah August 26, 2015 9:46 PM

So this is equivalent to an RSA fob (or something like that) that requires a biometric before it will activate? I assume it is not so stupid as to use the biometric as part of a secret or anything like that. Why heartbeat? This would be more or less as secure implemented on top of Touch ID wouldn’t it?

vas pup August 29, 2015 10:44 AM

@all:
As I recall, even with fingerprints it is a template generated from the fingerprint that is analyzed, not an exact image that has to be the same.
As with all biometrics, a particular threshold of mismatch should just trigger human security intervention in the particular case, and each of the triad of verification should be applied not simultaneously but at each subsequent level of access. I guess biometrics go to the last level of the perimeter; just an opinion.

Rez111 September 16, 2015 5:24 PM

“[T]he push to bio-metrics is actually not about “security” of resources but ‘assigning culpability’ for resource loss at some point after the loss.”

Reminiscent of the rather morbid (and dubious) practice of collecting children’s fingerprints and DNA samples “just in case.” These would in no way prevent abductions or kidnappings – they’d only help in identifying the body after a crime.

Tatütata January 20, 2017 9:38 AM

Reminiscent of the rather morbid (and dubious) practice of collecting children’s fingerprints and DNA samples “just in case.” These would in no way prevent abductions or kidnappings – they’d only help in identifying the body after a crime.

Not only kids.

In Top Secret America, I learned this of the septuagenarian frat boy’s immediate predecessor:

By the morning of the inauguration, FBI and NSA specialists had met with Obama to take a digital print of his voice. His retinas had been scanned, his blood drawn, his DNA officially cataloged. […]

(What? No ECG?)

I wonder why. I wouldn’t think that the officer carrying the “nuclear football” won’t stop to run biometric verifications before he opens up his bag and unseals the envelope with the codes for nuking Mexico or Greenland. POTUS would be known personally.

And hopefully POTUS doesn’t get out of the sight of his Secret Service minders long enough for him to be kidnapped. (However, PEOTUS did go out for a steak a few weeks ago).

Paul Suhelr January 20, 2017 3:22 PM

@Clive

Re: “I know it’s going to be time to retire when Bill Gates requires me to have a five pin DIN connector in the back of my head”.

One or more of William Gibson’s cyberpunk novels used “microsoft” as a generic term for a small module (e.g., database, language translator, etc.) that would plug into a socket in the back of the user’s skull.

Clive Robinson January 21, 2017 12:45 AM

@ Paul Suhelr,

One or more of William Gibson’s cyberpunk novels used…

That should have been “something I know”, but when I was a lot lot younger than I am now I started reading one of his novels and just did not get into it.

I suspect it’s still in the leisure/pleasure side of my dead tree cave. Along with Joseph Heller’s two books neither of which I could get into either.

Some years later Douglas Adams wrote “Long Dark Tea-time of The Soul” which has a plot based around a “God’s Contract” (Odin) which gave people a slice of fame/fortune and talks about books by “Howard Bell” that sell really well but nobody actually reads…
