Thursday, 21 February 2013

Biometric security

Nearly 7 years ago all 23 chromosome pairs of the human genome were mapped, after over 10 years effort and billions of dollars spent.

Now, you can get your DNA mapped for about $5000-$10,000 and that's expected to drop to $1000 soon. And the data amounts to about 8.5GB - small enough to store on your phone. This is amazing science and bodes well for disease cures and longevity, but what about security and identity?

Right now, if I handed a thumbdrive to you with my personal genomic sequence on it, there's not much you could do with it, except take it to some clever people to find out what diseases I'm genetically prone to. But what about in the future? Science fiction writers like to rave about DNA fingerprinting: locks only unlocked by your DNA, or guns imprinted with your DNA so that only you can fire them. Crimes solved because the perp's DNA was found at the scene.

Now, what if you could use my DNA to grow a replica of my hand, my blood, my eye etc.- enough to trick the lock, or the gun, or the forensics team? How would I then prove I was me?

The worrying thing about DNA for identity is that you can't just reset it, like a password. It IS you. That 8.5GB dataset is your recipe. Maybe the boffins have thought of that, or maybe not? From a security access perspective it's no big deal: we've had multi-factor security for years, whereby access requires something you have (eg. a card), and something you know (eg. a PIN). But if someone takes your card, you can cancel it. If someone takes your DNA, what can you do?