FOR: Flexible signature biometric system for the two main personal digital assistant (PDA) platforms; SDK is free for downloading to registered developers; good web site support; growing number of developer partners; links with CIC, the main commercial PDA signature specialist.

AGAINST: Limited programming help files due to PDA memory/storage file size; may be overkill for financial institutions, many of whom already allow ID/password banking facilities on the web, with one-time transaction authorization numbers (TANs) for secure transactions.

VERDICT: If you’re a Windows CE/Pocket PC or Palm developer, or a company wanting to implement signature verification in a PDA environment, Cloakware/Signature will save you from ‘reinventing the wheel’. The company’s partners may also be worth talking to.

Despite some major advances in the last 12 months, biometrics is a relatively new area for IT security, not least because of the complex algorithms and computing power needed to validate a transaction. Most user biometric IDs are not that complex: pioneering work from the likes of Visionics in the area of facial recognition, and BioconX, Groupe SAGEM and others in the fingerprint ID arena, has reduced the templates needed for an ID down to a few tens of bytes of data. What really takes the computing power is the processing required to sift through thousands of biometric IDs to identify a single user beyond reasonable doubt.

Cloakware/Signature is not a shrink-wrapped application but a software developer’s kit (SDK) that allows developers and other interested parties to create applications with integrated signature biometric technology. If you’re after a shrink-wrapped protection system for your PDA, you’ll have to look elsewhere. Applications developed using the Cloakware/Signature SDK also reduce the amount of processing power required, as they simply authenticate users against signature templates stored on a portable device (a one-to-one verification rather than a one-to-many search), which also avoids the privacy issues of having biometric information stored in one place.

Thanks to the relatively low processing power requirements of signature capture, Cloakware has distilled its application down to a size where it can run on either a Palm OS or a Windows CE/Pocket PC-driven PDA. It’s worth noting that Cloakware worked closely with Communication Intelligence Corporation (CIC) in the development of this product, which uses technology drawn from Sign-On for Pocket PC and its predecessor, CIC Sign-On.

The Cloakware/Signature SDK is several steps ahead of CIC’s Sign-On for WinCE/Pocket PC users, though, since it supports triple-DES encryption and SHA-1 hashing to keep data on the local device away from prying eyes. [Ed: Cloakware states that version 1.2, which is due to be released shortly, will use AES.]

According to Cloakware, a simple ID/password combination could, on average, take around three hours to crack using various hacker techniques. This matches our experience in such matters, as software of this genre is available for downloading from various web sites, as well as through hacker and cracker-related groups. The Cloakware/Signature technology, on the other hand, should take around a month for a ‘Class II’ hacker to crack, using suitable attack software. Cloakware defines a Class II hacker as someone coming from a university or IT company research lab, or someone with government agency training in the biometrics and cracking arena. Even with a sample of a user’s signature, Cloakware says that a false acceptance rate of under 0.01 percent is to be expected, owing to the various dynamics involved in writing a signature.

Enough of the preamble – on with the Cloakware/Signature SDK. As supplied, the SDK is around 1.3MB in zipped format and, like most Windows CE/Palm software, is designed to be launched and transferred to a PDA from a desktop environment. In use, it has pre-set false acceptance rate (FAR) and false rejection rate (FRR) settings. The FAR is the rate at which an impostor is verified as a valid user, while the FRR is the rate at which a valid user is rejected by the biometric device. Cloakware/Signature has low FAR and FRR settings, to maximize user convenience and keep security high. Our first response to this imposition was to question why the twin settings could not be altered. We later realized, though, that allowing the settings to be altered could completely nullify the advantages of having a biometric sign-on system in the first place, as well as giving hackers an open door to modify the source code. We concluded, therefore, that fixed FAR/FRR settings are a necessary evil for software developers.

Cloakware/Signature also has one ace card up its sleeve that Cloakware, for obvious reasons, doesn’t like to talk about: the resultant standalone software created with the kit is tamper-resistant (TRS), and any attempt to change the source code of the application results in the program failing to execute. The method by which the company has achieved this is beyond the scope of this review, but the last time we encountered such technology was on advanced software developed for the Sinclair Spectrum Z80-based home computer in the early 1980s. [Ed: Cloakware states that a section of its web site is dedicated to TRS at www.cloakware.com/products/cloakware/index.html.]

The Spectrum was a simple computer design and, owing to its simplistic Z80 BIOS, relatively easy to hack. This posed a problem for software houses that wanted to avoid their applications being pirated, so TRS was quickly developed. Despite the memory limitations (48K on a high-end machine), the ability of tamper-resistant software to checksum itself using specific memory registers made the Spectrum software almost impossible to crack. The technology was cracked, though, using an extended memory paging approach that allowed two copies of a given application to co-exist simultaneously in the computer’s memory. One copy was cracked, allowing a pirated version to execute, while the other was a clone of the original, allowing the pirated version to checksum the original rather than itself – a neat approach to beating TRS.

We think that Cloakware’s cloaking and tamper-resistance system may ultimately be beaten using this and similar techniques, rather than the brute-force cracking approach that the company says would take more than 37,000 man-years to complete. For most applications, though, including consumer banking with signature verification, this is a theoretical argument only.

Cloakware/Signature will run under Palm OS 3.5 or later or, in the case of WinCE/Pocket PC platforms, Windows CE 3.0 or later, in tandem with an ARM, SH3, MIPS or x86 microprocessor.
SC On-Line

Copyright © West Coast Publishing. All rights reserved.