Biostamps - freedom from password tyranny, or Hollywood science?

Filed Under: Featured, Google, Privacy, Security threats, Technologies

Biostamp, courtesy of MC10Last week Motorola execs showed off experimental biostamps - digital "tattoos" capable of authenticating you to your phone.

Could this be the ultimate solution to the problem of authentication, or is it just a sci-fi pipe dream?

The biostamps are basically flexible electronic circuits attached to the skin, which theoretically can communicate wirelessly with any device which needs to check who you are.

The concept evolved from medical research, and was picked up by Google subsidiary Motorola Mobility, who are looking into making it a reality.

An alternative option, also presented by their bosses at the recent Wall Street Journal D11 conference, is a pill which emits identifying signals from the stomach.

Identity Crisis

The problem of identity is the biggest headache in computer security. Verifying you are who you say you are is at the heart of most security issues, and being able to pose as someone else - to their bank, say, or to their email or social networking provider - is the main aim of the vast bulk of malware and cybercrime.

What's needed is an end to the weak, clunky and decrepit authentication system on which we base most of our security - passwords.

With the speed modern computers can process guesses, and humanity's apparently incurable lack of originality, their usefulness has reached an end.

So what should we do instead?

Current tech

Two-factor authentication is much in the headlines lately.

Most of us carry some sort of mobile device, so why not use it to prove who we are? In combination with a traditional password, that should make things much more secure.

Nice idea, as far as it goes. But still clunky and awkward.

It relies on you having your device handy, and requires you to faff around consulting it and feeding in complicated codes between devices. Also, not all that secure, as man-in-the-middle attacks have proven.

So a way of uniquely identifying a person, simply and automatically with minimal mental effort, could be a great step forward.

Fingerprints seem like the obvious option, but the laptop I'm typing on has an alleged fingerprint reader, and I seem to be able to pass its test with my elbow, while my finger is completely ignored. Effective contact-less authentication without moving a muscle seems far better.

Future tech?

But are these "electronic tattoos" or swallowable dongles really viable? And if they are, are they really the right way to go?

Hand bar code, courtesy of ShutterstockThey sound like something from a sci-fi movie, but in the past reality has caught up with some pretty wild ideas from the sci-fi world.

The first problem with Motorola's ideas as they are is that they are temporary.

These biostamps apparently last only a couple of weeks, while the pill version might last longer but would eventually be, ahem, ejected.

So they'd need to be replaced. You wouldn't want to go too long without your ID, so you'd maybe keep a stash of pills/stamps handy, in your wallet say, or beside the bed.

Bad move. Get your wallet stolen or your house burgled, suddenly your 100% verifiable identity's been shared with the whole black market.

An alternative would be to have the things built on-the-fly and dispensed by a dependable source. Maybe a machine in the street, which you would authenticate yourself to using the last dregs of power in your previous patch or pill.

The dispenser and the process of creating the dingus would have to be pretty hack-proof though, which has proven to be beyond humanity's abilities so far.

Identifying marks

Longer term you might think it would be good just to have a permanent implant, put in at birth. Now we're really hitting sci-fi territory - Hollywood loves a nice implant.

As things develop you could maybe include some storage in there too, at first just a handy flash drive for moving your files around but further ahead perhaps backing up your memories to save space in your brain.

Beyond the obvious civil liberties problems, there are religious issues with such body modifications.

And of course there will always be slow adopters. In any decent dystopia there has to be an underground resistance movement of course, but they can usually be overcome with a tough regime of drugs and brutally enforced compliance.

Vital signs

Heart rate, courtesy of ShutterstockNext up, you'd need the thing to know you were alive, and ideally awake. The pills are powered by stomach acid, so should die when they leave the body.

Hopefully they would have some controls to prevent them being rinsed off and rebooted.

With the stamps though, you wouldn't want a bad guy tearing it off or, even worse, removing whatever body part it's attached to and taking that to the nearest ATM.

The biostamps are based on a design meant for health monitoring anyway, so that shouldn't be a problem. Where it gets difficult is if the health monitoring goes too far and starts trying to guess when you're going to die.

From there it's only a short step to controlling how long you deserve to live.

Knowing you're awake is important so that you couldn't be doped or knocked out and used as a snoozy key to your house/phone/bank account etc. Detecting consciousness is likely to be fairly viable, but really you'd want the thing to know that you actually want to be identified, to avoid brush-past ID theft.

This issue exists with current contact-less bank cards, but there it can be overcome with simple signal-blocking wallets.

To do it with built-in kit we're looking at mind-reading, which I'm sure the big search providers and social network sites would love a piece of.

It wouldn't take long to start seeing adverts beamed straight into the brain.

Dark future

Things look pretty bleak for the biostamp then. A fun idea, but probably not a viable solution to the authentication problem.

It looks like we're going to be stuck with passwords for a while at least, so make sure you practice safe password management.

And keep watching the skies!


Image of hand bar code and vital signs courtesy of Shutterstock.
Image of biostamp courtesy of MC10.

, , , , ,

You might like

5 Responses to Biostamps - freedom from password tyranny, or Hollywood science?

  1. Neil · 418 days ago

    Nice article. But in future can you make the distinction between Motorola Mobility and Motorola Solutions clearer?

    • John Hawes · 418 days ago

      My apologies - for those who've not looked it up, Motorola split in two a few years back in (start of 2011), with the mobile phone wing going under the name Motorola Mobility and being acquired by Google in a process running from mid-2011 to completion in May 2012.

      The rest of the company (apart from a biggish network division which was sold on to Nokia Seimens Networks) now trades as Motorola Solutions, consisting of the former Enterprise Mobility and Public Safety parts of the original Motorola group. Hope that's clear...

  2. This Biochip doesn't seem any more useful than implanted RFID chips - at the end of the day the device doing the authenticating could be stolen. I would like to see more progress on integrating biometric security into mobile devices - fingerprints, capillaries, retinas and EEGs are all more secure than a stick-on chip.

  3. Cliff Jones · 418 days ago

    sci-fi nightmare is more like it. I think the world has gone way overboard on this 'need' to know identity everywhere and anywhere.

    No good can come from universal biometric identification. We are not ruled by a benevolent United Federation of Planets. Like cream, evil will always rise to the top no matter how much you shake things up. Humanity is better off not giving evil the tools to dominate your every breath.

  4. Unfortunately, the development processes used to create security technologies REQUIRE a mimicry backdoor. How can developer B test if user A's credentials are secure unless he/she can pose as user A? The tools needed to create and troubleshoot can, and will, always be used to circumvent the security.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.