Biometric Concept in the UNIX Environment
Digital Ebola

INTRODUCTION

In the world of today, security is a large concern of anyone in the computer industry. The model for security has been based on login/password pairs for the duration of the computer's existence. As of late, we have found that this model is not the best, due to compromises. Many companies have started to turn to biometrics as the solution. If you don't know what biometrics is, the concept can best be explained as user identification by unique physical features: fingerprints, retina, voice, and the size and shape of the hands. You can readily acquire such a system of authentication for local use, but it is simply that: local. What I am going to outline is the concept for remote use under UNIX and UNIX-like operating systems.

Good security is tough to come by. You can secure your entire network, lock it down to the point of it being a Digital Ft. Knox. In the end, you pay for this amount of security by trading away usability. The human factor will still be your main compromise, as users forget passwords, write them down for all the world to see, or are socially engineered into giving them away. At present, servers can be exploited in a number of different ways, be it from leaky code in a daemon, a flaw in the operating system as a whole, or user and/or admin ignorance. Even if you are on top of things and monitoring your systems, you still do not really know who is who, because Joe User can be logged in from anywhere, unless you have implemented trusted host policies, and even these can be bypassed depending on the skill of the attacker.

As mentioned before, biometric authentication has been implemented at local terminals. What I wish to bring to light is the possible integration through a secure shell (encrypted) tunnel. In easier to understand terms, instead of having the password, we will have biometric identification to a remote location.
You are at home, and you wish to log in to the main work server. Your means of transport is SSH. You key the command to SSH to said server. An encrypted key comparison is done between server and client, the tunnel is established, and the system prompts for a biometric print. At this point you place your thumb upon the biometric pad and you are authenticated. The advantage to this is that the user is not required to know their password. If they do not know their password, they cannot change it, they cannot forget it, they cannot write it down, or be socially engineered out of it. That is one less thing the user has to keep track of, and it actually increases usability.

The downside to this is the possible capturing of a thumbprint in transit to its destination and replaying it for the authentication, although the print will be encrypted as a substream running inside of an encrypted tunnel. Of course, actually deciphering an encrypted stream, and decrypting yet another layer of encryption, is supposed to be impossible, but in my own experience I have seen a lot of impossible things happen. Another possible problem could be the actual amputation of the thumb and the use of it on the plate. Biometric technology has advanced to the point of detecting whether the input is "warm and alive" or not, but I doubt the technology is cheap enough for wide-scale utilization. You could, in theory, not only rely on the biometric input but also utilize smart card technology and passwords in tandem; as stressed before, this will bring down the usability of the system. This technology could also be used to authenticate more than just UNIX boxes; I have merely used this as an example. You could authorize any client/server connection or even wide-scale LAN-to-LAN VPNs and so forth. The main idea is to make it easier for the end user to authenticate themselves, and wipe out the "human factor".
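The exchange described above, as an added example that is not part of the original article: a Python sketch of the server and client halves of the biometric step, run over a channel that is assumed to be the already-established SSH tunnel (the session key is simply handed to both halves here rather than derived from SSH, which is an assumption). The thumbprint is a constructed 8-byte feature vector, matching is modelled as a Hamming-distance threshold standing in for a real fingerprint matcher, and the server binds every print message to a one-time nonce so that a captured message replayed in a later session is rejected. The nonce and HMAC binding are added here to address the replay concern the article raises; the article itself does not specify them.

```python
"""Toy model of the SSH-tunnelled biometric login described in the article.
Added example, not the author's code. Every format and key below is an
assumption made for illustration."""
import hashlib
import hmac
import secrets

# Constructed sample data: an 8-byte "feature vector" stands in for a fingerprint
# template (hypothetical format; real templates are larger and vendor-specific).
ENROLLED_THUMB = bytes.fromhex("a3f09c4e17b25d88")


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two byte strings (length mismatch = max)."""
    if len(a) != len(b):
        return 8 * max(len(a), len(b))
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def noisy_scan(template: bytes, flipped_bits: int) -> bytes:
    """Simulate a live scan: the enrolled template with a few bits flipped,
    because two scans of the same thumb never come out identical."""
    out = bytearray(template)
    for i in range(flipped_bits):
        bit = (i * 7) % (8 * len(out))  # deterministic, distinct positions
        out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


class Server:
    """Server side. Holds enrolled templates (assumption: enrolment happened
    out of band) and the key shared over the tunnel (assumption: derived from
    the SSH session, here just passed in)."""

    def __init__(self, session_key: bytes, enrolled: dict, threshold: int = 6):
        self.key = session_key
        self.enrolled = enrolled
        self.threshold = threshold
        self.pending = {}  # nonce -> user; each nonce is answerable once
        self.spent = set()  # nonces already consumed (replay detection)

    def challenge(self, user: str) -> bytes:
        """Issue a fresh one-time nonce that the client must bind its print to."""
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = user
        return nonce

    def verify(self, msg: tuple) -> tuple:
        """Return (accepted, reason) for a (nonce, scan, tag) message."""
        nonce, scan, tag = msg
        if nonce in self.spent or nonce not in self.pending:
            return (False, "stale or unknown nonce (replay?)")
        user = self.pending.pop(nonce)
        self.spent.add(nonce)
        expected = hmac.new(self.key, nonce + scan, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return (False, "bad tag (altered in transit?)")
        d = hamming(scan, self.enrolled[user])
        if d > self.threshold:
            return (False, f"no match (distance {d})")
        return (True, f"match (distance {d})")


class Client:
    """Client side: the biometric pad's output, bound to the server's nonce."""

    def __init__(self, session_key: bytes):
        self.key = session_key

    def respond(self, nonce: bytes, scan: bytes) -> tuple:
        tag = hmac.new(self.key, nonce + scan, hashlib.sha256).digest()
        return (nonce, scan, tag)


def run_demo() -> dict:
    """Walk through four sessions and return the server's verdict on each."""
    key = secrets.token_bytes(32)  # stands in for the SSH session key
    srv = Server(key, {"joe": ENROLLED_THUMB})
    cli = Client(key)
    results = {}
    # 1. genuine login: live scan differs slightly from the enrolled template
    n1 = srv.challenge("joe")
    m1 = cli.respond(n1, noisy_scan(ENROLLED_THUMB, 3))
    results["genuine"] = srv.verify(m1)
    # 2. the captured message replayed in a later session
    srv.challenge("joe")
    results["replay"] = srv.verify(m1)
    # 3. impostor: a different thumb, far from the enrolled template (constructed)
    n3 = srv.challenge("joe")
    m3 = cli.respond(n3, bytes.fromhex("5c0f63b1e84da277"))
    results["impostor"] = srv.verify(m3)
    # 4. tampered: scan bytes altered in transit, so the tag no longer matches
    n4 = srv.challenge("joe")
    nonce, scan, tag = cli.respond(n4, noisy_scan(ENROLLED_THUMB, 2))
    results["tampered"] = srv.verify((nonce, bytes([scan[0] ^ 0xFF]) + scan[1:], tag))
    return results


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:9s} -> {verdict}")
```

Running run_demo() gives a genuine login (slightly noisy scan) that is accepted, a replay of the captured message that is rejected because its nonce has already been spent, an impostor print that fails the distance threshold, and a message altered in transit that fails the tag check. The nonce is what makes capture-and-replay fail even if the outer tunnel were somehow stripped; the HMAC is what ties the print to that nonce. None of this touches the liveness problem the article raises: the server cannot tell from bytes whether the thumb on the pad is warm and alive, so that check has to live in the sensor itself.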
Now, when I discussed this with a couple of my colleagues, one mentioned that the user could still botch things up by having to carry around a biometric device everywhere they go. This is fine; I am sure there could be a market for implementing a biometric plate upon a keyboard or laptop. In conclusion, this system could very well work. If one wanted, they could even start a project based on these ideas, as biometric devices can be acquired for your home terminal for about 400 dollars U.S. My purpose in this writing is to stir a little creative thought, and for those who can afford the gear, a possible reality.