This is Part 3 of a series discussing the public comments on Draft NIST SP 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials and the final version of the publication.
After Part 1 and Part 2, in this Part 3 I intended to discuss comments received by NIST regarding possible uses of biometrics in connection with derived credentials. But that requires explaining the use of biometrics in PIV cards, and as I delved into the details, I realized that this deserves a blog post of its own, which may be of interest in its own right. So in this post I will begin by reviewing the security and privacy issues raised by the use of biometrics, then I will recap the biometrics carried in a PIV card and how they are used.
When used for user authentication, biometrics are sometimes characterized as “something you are“, while a password or PIN is “something you know” and a private key stored in a smart card or computing device is “something you have“, “you” being the cardholder. However this is only an accurate characterization when a biometric sample is known to come from the cardholder or device user, which in practice requires the sample to be taken by, or at least in the presence of, a human attendant. How easy it was to dupe the fingerprint sensors in Apple’s iPhone (as demonstrated in this video) and Samsung’s Galaxy S5 (as demonstrated in this video) with a spoofed fingerprint shows how difficult it is to verify that a biometric sample is live, i.e. comes from a human body. In the absence of an assurance of liveness, the security of biometric authentication relies on the relative secrecy of the biometric or, more precisely, on the likelihood of an adversary not having access to a sample. When the adversary captures a smart phone with a fingerprint sensor there is zero relative secrecy, since the phone owner’s fingerprints are on the phone itself; an adversary may also be able to lift latent fingerprints from a captured smart card. But there may be substantial relative secrecy for other kinds of biometric samples, such as an iris image.
The use of biometrics for user authentication raises privacy concerns for two reasons. First, if a biometric sample or template used to authenticate a transaction is provided to the party to which the user authenticates (the verifier), then that transaction can be linked to unrelated but biometrically authenticated transactions, as well as to offline activities of the user. Second, biometrics are not cancelable, so if the relative secrecy of a particular biometric, such as the fingerprint of a particular finger or the image of the iris of a particular eye, is compromised, that biometric cannot be used again securely.
These privacy concerns mean that biometric samples and templates used on a device such as a smart card, a smart phone or a laptop must not be provided to transaction verifiers, and must be protected against adversaries who may physically capture the device and malware that may be running on the device.
Biometrics in PIV cards
The specification of biometric usage in PIV cards is distributed over six different documents. As of this writing, the latest versions of these documents are as follows: FIPS 201-2 (August 2013); Revised Draft Part 1, Revised Draft Part 2 and Revised Draft Part 3 of SP800-73-4 (May 2014); SP800-76-2 (July 2013); and SP800-116 (November 2008). SP800-116 is out of date, but is useful for understanding the thinking behind the various methods of physical access control.
The biometrics that must or may be carried in a PIV card include two mandatory fingerprint templates for off-card comparison, one or two optional fingerprint templates for on-card comparison, one or two optional iris images, and a mandatory electronic facial image. The optional fingerprint templates for on-card comparison may be derived from the same enrollment fingerprints as the mandatory ones for off-card comparison, but they are encoded in different formats. The biometrics in a PIV card may be used for a variety of purposes, as explained in the following sections.
Physical access control with authentication by PIN and fingerprint
The authentication methods called BIO and BIO-A can be used for cardholder authentication to a Physical Access Control System (PACS) using one of the off-card comparison fingerprint templates. The cardholder inserts the card into a card reader, supplies a fingerprint by touching a sensor, and enters a card activation PIN on a PIN pad, which the PACS forwards to the card. After verifying the PIN, the card sends the fingerprint template to the PACS, which the PACS uses to verify the cardholder’s fingerprint. The template is signed with a digital signature, verified by the PACS, which binds the template to a card identifier. (Actually, the signature binds the template to two card identifiers, the original FASC-N identifier for federal smart cards, and the newer Card UUID suitable for PIV Interoperable (PIV-I) cards that may be issued by federal contractors to their employees.) A card equipped with a contactless interface may communicate with the reader through a secure channel established over NFC, instead of through a contact interface. BIO-A differs from BIO only in that BIO is unattended whereas a human guard watches the procedure in BIO-A.
At first glance, these methods provide three-factor authentication: one factor being the PIN (something you know), a second factor being the card (something you have) and a third factor being the fingerprint (something you are). But SP800-116 explains that, in fact, they only provide one-factor authentication. This is because the PACS does not authenticate the card in these authentication methods. A signed template obtained from the card of a legitimate cardholder could be placed in a fake card and used by an impostor to authenticate. The impostor would have to spoof the biometric, but would not need to be in possession of a valid card, nor to know a valid PIN since the PIN would be verified by the fake card manufactured by the impostor. Spoofing the biometric may be difficult in BIO-A under the attendant’s watch, but should be relatively easy in BIO if the impostor has access to a fingerprint sample (which may be available on the card itself), judging by how easy it was to dupe the iPhone and Galaxy S5 fingerprint sensors. The signed template could be obtained, for example, by malware running on a desktop equipped with a card reader, if the legitimate cardholder uses the card for remote authentication from the desktop and enters the card activation PIN via the keyboard. (The BIO and BIO-A procedures also include retrieval from the card and verification by the PACS of the Cardholder Unique Identifier (CHUID), which includes a signature binding the FASC-N and UUID to an expiration date. But the CHUID could be obtained and placed in a fake card just as well as the signed template.)
While SP800-116 candidly explains that BIO and BIO-A provide a lot less security than it seems, FIPS 201-2 does not. It says that they do not provide protection against the use of a revoked card, but does not say that they do not provide protection against the use of a fake card. It assigns the highest security level to BIO-A, and rates BIO at Security Level 3 out of 4. (See Table 6-2 of FIPS 201-2, in conjunction with Table 6-1.)
SP800-116 suggests combining BIO or BIO-A with one of two authentication methods that do authenticate the card and check for revocation, called PKI-AUTH and CAK-AUTH. In PKI-AUTH the card authenticates with the PIV Authentication private key and associated PIV Authentication certificate, and in CAK-AUTH with the Card Authentication private key and associated Card Authentication certificate. (The two methods differ in that CAK-AUTH does not require card activation while PKI-AUTH does. When PKI-AUTH is combined with BIO or BIO-A, a single activation by a PIN enables both the retrieval of the signed fingerprint template and the use of the private key.) These combinations provide three-factor authentication. The combination of BIO-A with either PKI-AUTH or CAK-AUTH provides strong security if the PIV card is strongly tamper resistant.
Physical access control with authentication by PIN and iris image
In BIO and BIO-A, an iris image may be used instead of or in addition to a fingerprint, in which case the PACS retrieves one of the optional iris images from the card, signed, instead of or in addition to the mandatory off-card comparison fingerprint template. Iris recognition provides more security than fingerprint recognition for two reasons. First, iris recognition achieves a lower FAR (False Acceptance Rate) than fingerprint recognition for a given FRR (False Rejection Rate). Second, an iris image has higher relative secrecy than a fingerprint, because it is difficult to obtain a high quality iris image without cooperation from the subject while it is easy to lift a latent fingerprint from any object touched by the subject, possibly from the PIV card itself.
Physical access control with fingerprint-only authentication
A new authentication method called OCC-AUTH, introduced in version 2 of FIPS 201 dated August 2013, can be used to authenticate the cardholder to a PACS by means of a fingerprint but without a PIN. Instead retrieving a fingerprint template from the card, the PACS sends the card a fingerprint provided by the cardholder, which the card compares against one of the optional on-card comparison fingerprint templates, reporting the success or failure of the comparison to the PACS. Which of the on-card comparison fingerprint templates is used when there are two of them is not discussed.
The card sets a limit on the number of consecutive failures, after which the “authentication mechanism” is blocked and a reset procedure must be used (if implemented) to re-enroll the “verification data”. In the case where there are two on-card comparison fingerprint templates, it is not clear if “verification data” refers to one or both of them, nor whether there is a separate count of consecutive failures for each of them.
Although FIPS 201-2, Section 6.2.2, says that OCC-AUTH can be used with contact and contactless card readers, SP800-73 Revised Draft Part 1 requires communication between the card and the reader to take place through a secure channel over NFC, relying on the secure channel establishment protocol for authentication of the card to the reader. Card authentication is of course essential, since a fake card could be programmed to ignore the fingerprint and report success to the reader.
Table 6-2 of FIPS 201-2, in conjunction with Table 6-1, assigns Security Level 4, the highest, to OCC-AUTH. Yet OCC-AUTH has several security weaknesses: there is no protection against the use of a revoked card; presence of a human attendant is not required; and no PIN must be entered. An adversary who physically captures a card may find a latent fingerprint on the card, use it to make a fake finger, and use the fake finger to dupe the fingerprint sensor.
Surprisingly, the NIST publications do not allow the optional iris images stored in the PIV card to be used for on-card comparison, hence they cannot be used in OCC-AUTH. No reason is given for that.
Authentication by fingerprint to local workstation
OCC-AUTH can also be used for authentication to a local workstation (which presumably means a desktop or laptop computer). There is no requirement that the cardholder’s fingerprint be read by a sensor on the card reader, hence it may be read by a sensor attached to the workstation. Furthermore, use of a workstation-attached sensor is suggested by the assertion in FIPS 201-2 (Section 3.1.1) that a keyboard is generally used when it comes to enter a PIN for logical access to an information system, the keyboard being analogous to the sensor. A comment by Steven Sprague on Part 1 of this series pointed out that a PIN entered through a computer keyboard is vulnerable to malware running on the computer, and the same is true of a biometric entered through a sensor attached to a computer. A biometric or PIN that travels through a computer may also leave one or more copies of itself stranded in permanent storage that has been used to store virtual memory pages, and those copies may be captured by an adversary who gains access to the computer. Capture of a biometric has not only security implications like capture of a PIN, but also privacy implications, as discussed above.
Cryptographic credential activation by fingerprint
A fingerprint may be used instead of a PIN for card activation. The fingerprint is sent to the card and compared in the card to one of the optional fingerprint templates for on-card comparison, as in OCC-AUTH. But there is no requirement to authenticate the card before sending the fingerprint, and hence no requirement to use a secure channel over NFC for transmission of the fingerprint. Since a contactless interface is a relatively new feature in PIV cards, I suppose the contact interface is generally used to transmit the fingerprint.
There is a separate count of consecutive authentication failures for each activation method, after which a reset procedure must be used (if implemented). When two on-card comparison fingerprint templates are stored in the card it is not clear whether use of each template is considered a different activation method with its own count.
Since, as noted above, the optional iris images cannot be used for on-card comparison, an iris image cannot be used for card activation.
Activation by fingerprint is arguably less secure than activation by PIN. Since activation is an unattended procedure, security relies on the relative secrecy of the fingerprint, which is low since it may be possible to lift a latent fingerprint from any object touched by the cardholder, including the card itself. As discussed above, spoofing the fingerprint should be relatively easy once an impostor has access to a fingerprint sample, judging by how easy it was to dupe the iPhone and Galaxy S5 fingerprint sensors.
Furthermore, if the card is activated for use by a computer, and the fingerprint is scanned by a sensor attached to the computer as allowed by FIPS 201-2, the fingerprint is exposed to capture by malware running on the computer or by an adversary who later gains access to the computer and finds a copy of the fingerprint in permanent storage that has been used to store a virtual memory page, as is the case in OCC-AUTH authentication to a local workstation. So is a PIN entered through a computer keyboard; but, as discussed above, capture of a biometric has privacy implications besides the obvious security implications of capturing any activation secret.
Activation of the PIV card enables the use of the PIV Authentication private key and associated certificate for PKI-AUTH authentication to a PACS, a local workstation, or a remote information system such as an agency web site; a common way of authenticating to a web site with a PIV card is to use the PIV Authentication private key and certificate for TLS client authentication.
If the cardholder has a government-issued email account, card activation also enables the use of a digital signature key and a key management key, which are private keys used for signing and decrypting S/MIME messages.
Visual authentication with facial image for physical access control
The electronic facial image can be displayed to a guard controlling access to a facility. The facial image is signed, and its use requires card activation, usually with a PIN. However, like BIO and BIO-A, this authentication method only provides one-factor authentication, unless combined with PKI-AUTH of CAK-AUTH to authenticate the card.
Card issuance and maintenance
Biometrics carried on the PIV card (or at least, presumably, those intended for off-card comparison), can be used during card issuance and maintenance procedures, such as delivery of the PIV card to the cardholder after manufacturing and personalization, or PIN reset after a limit on consecutive PIN entry failures has been reached.