While shopping for a USB fingerprint scanner for my PC, I found two types:
*match-on-host*, which lets the computer read the fingerprint scan’s data to verify your biometrics,
and *match-in-sensor*, which verifies your biometrics in the scanner itself then tells the computer that it succeeded.
Wouldn’t it be possible to make a USB device pretending to be a fingerprint scanner which responds to the computer’s request to scan with a pre-programmed success response? There must be some way for the computer to know whether a fingerprint scanner actually verified a fingerprint other than simply receiving a “yes it matches,” or it would be trivial for a bad actor to make a master key for any computer with biometric login and a USB port.
Does the computer store a digital key on the fingerprint scanner to confirm it’s the same hardware that the biometrics were originally set up with? Or vice versa?
>Does the computer store a digital key on the fingerprint scanner to confirm it’s the same hardware that the biometrics were originally set up with
You don't have to use the same hardware that you used to set up. But you need to only let trusted devices input their data. This is done pretty much the same way most encryption works, with a key pair that is set up when registering the device with the service, which you need to do anyway because you need to load the matching table on the match-in-sensor device.
Take this product spec manual for example:
[https://az31609.vo.msecnd.net/literature/3caadb6a-4675-4821-b063-47d36ca98154.pdf](https://az31609.vo.msecnd.net/literature/3caadb6a-4675-4821-b063-47d36ca98154.pdf)
The product claims SSLv3 for secure session establishment and TLS1.2 for secure communication.
I assume each scanner has a unique TLS certificate and on-sensor private key; this prevents MITM attacks if the Windows Biometrics service requires previously enrolled fingerprint authentication results to come from the same hardware signed by the same certificate private key, which I assume it would.
To make it somewhat ELI5, asking the sensor for results is similar to connecting to a banking website using HTTPS: the host checks the certificate the site/device presents for authenticity and will only trust certificates signed by trusted CAs, or previously explicitly trusted certificates (during enrollment).
I didn’t check the WBS implementation details, above is only speculation.
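An added example, not part of any answer here and not the code of any product or of the Windows biometric service: a minimal Go sketch of the enrolled-key idea the answers above describe, where the host pins the sensor's public key at enrollment and only accepts a "match" that is signed over a fresh nonce. Ed25519, the `nonce || result` message layout and all names (`sensorSign`, `Host`, `Scenarios`) are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// sensorSign is what the reader does on-chip: sign nonce || result (1 = match).
func sensorSign(priv ed25519.PrivateKey, nonce []byte, result byte) []byte {
	return ed25519.Sign(priv, append(append([]byte{}, nonce...), result))
}

// Host keeps the public key it pinned when the sensor was enrolled.
type Host struct {
	pinned ed25519.PublicKey
	nonce  []byte
}

// Challenge issues a fresh random nonce for one scan request.
func (h *Host) Challenge() []byte {
	h.nonce = make([]byte, 32)
	rand.Read(h.nonce)
	return h.nonce
}

// Accept unlocks only for result 1 signed by the pinned key over the live nonce.
func (h *Host) Accept(result byte, sig []byte) bool {
	msg := append(append([]byte{}, h.nonce...), result)
	ok := h.nonce != nil && result == 1 && ed25519.Verify(h.pinned, msg, sig)
	h.nonce = nil // a nonce is good for one answer only
	return ok
}

// Scenarios runs four constructed cases: genuine, flipped result, replay, unenrolled key.
func Scenarios() [4]bool {
	// Constructed keys: priv stands for the enrolled reader, otherPriv for any other device.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	host := &Host{pinned: pub}
	sig := sensorSign(priv, host.Challenge(), 1)
	genuine := host.Accept(1, sig)
	flipped := host.Accept(1, sensorSign(priv, host.Challenge(), 0)) // signed "no match"
	host.Challenge()
	replay := host.Accept(1, sig) // old signature, new nonce
	unenrolled := host.Accept(1, sensorSign(otherPriv, host.Challenge(), 1))
	return [4]bool{genuine, flipped, replay, unenrolled}
}

func main() { fmt.Println(Scenarios()) }
```

Only the first case unlocks; a bare "success", a recorded response or a device with a different key all fail verification on the host.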
Normally some type of cryptographic data would correspond to a particular fingerprint, but it’s always going to be up to the device to not lie about which “key” was a match when scanning a particular finger.
Using the crypto method prevents other people from spoofing, but afaik there’s no way to reliably tie a specific fingerprint to some other kind of data that a device *can’t* lie about.
How it communicates: typically through a com port or something of similar nature. In terms of security, match-in-sensors have no security if you allow your computer to use any sensor for results. Normally, these sensors are both fabrically attached to devices of importance, and even then have encryption keys with each other so you can’t just desolder and resolder a different chip on just like that. Specifically, they both have private and public keys so that a third party cannot figure out the private keys. Of course, no device is secure if an attacker has the physical device – they can and will hack into it if given enough time and effort. For most general applications though, no one would bother trying to wipe the security key’s fingerprint or constructing a device that spoofs the encryption (which would either way usually require the deconstruction of either the original device). Security is, in a nutshell, the science of making something take more effort to unlock than is worth the contents.