Data security is a hard enough problem to solve on even a heavily regulated corporate network, but it becomes even more difficult when users are out in the wild with PDAs, cell phones and other portable communications devices. A recent PhD project at the University of Twente in the Netherlands has described a user-friendly solution to cryptography for ad-hoc network transfers, such as sending files over infrared or Bluetooth between two PDAs, and it's as easy as taking a picture.

Current methods of ensuring the authenticity of a device are less than ideal. They generally rely on a third-party, trusted system to authenticate each device, which can then use a key supplied by that system to secure communications between the two devices. This opens the door to forgotten passwords, weak passwords that can be cracked, and compromise of the third-party trusted system. The researchers at Twente were looking for a solution that would allow two devices that had never communicated with each other to establish a secure connection.

They focused on biometrics, which should eliminate passwords and enhance security. Biometric data is generally regarded as being ill-suited for cryptography: each measurement, even when taken by the same device, of the same feature on the same person will differ slightly. This noise in the data makes it difficult to extract a cryptographic key in the traditional sense. Other recent work has shown that it's possible to use just the noise in a biometric measurement to generate a cryptographic key—the new method relies on this principle.

Researchers put together a system that can be implemented on any device equipped with a camera. Facial recognition software is then used to produce biometric measurements of a person's face, which should stay constant through changes in hairstyle, makeup, etc. Users take a picture of themselves, then uses a random string that, combined with the biometric information, forms the equivalent of a public key.

When two people need to establish a connection between their devices, they exchange these public keys, and each then takes a picture of the other device's owner. The biometric data from this new picture is used to try to extract the random string from the public key.

Because the two biometric readings are unlikely to match perfectly, the system will have to go through and flip bits until it manages to extract the correct string. Since the two readings should be close, this extraction should happen within a finite time; if it fails, the communication is canceled. If it succeeds, the system hangs on to the bits it had to flip and uses them as a random seed for the communication session.

The authors calculate that, for anyone to eavesdrop on these communications, they would have to have access to photos of both of the participants from which to generate their own biometric data; otherwise, listening in would require a brute-force crack. Having both photos is possible, but not likely, given that the whole point of the system is ad-hoc communications.

Users that were given a chance to try the system, which the authors call SAfE, found it easy to use and enjoyable; it certainly eliminates the hassle of remembering passwords.

Further reading:

