Transferable credentials such as cryptographic keys, passwords and PINs are always going to have the same problem: they can be alienated from the intended person that is granted access to a particular system or device.

As long as the cryptographic key is kept secure, no device can impersonate the original system or device, making this kind of authentication very robust and secure. But what about the person behind the keyboard or screen – is he or she bound to that cryptographic key?

Maybe in the future, with some sort of nanomachine, we could ‘seed’ a human with cryptographic keys. That would be the ideal cancellable biometric, allowing us to bind together a human and a cryptographic key.

In the meantime, we’ll have to rely on biometrics to provide some level of confidence that the intended person – using the intended system – has the cryptographic key to authenticate against another system or person.

Can biometrics also be alienated from the intended person?

We have seen many cases of biometrics spoofing, ranging from simple print attacks to spoof face biometrics, to fake fingers.

There is no silver bullet against biometrics spoofing but there is strength in numbers, or in this case: there’s strength in factors of authentication.

The combination of a cryptographic key, a biometric with a good anti-spoofing method and something that you know is a reasonably strong 3-factor authentication vector.

More factors can be added to each of the categories of: something that you are, something that you know, something that you own at the expense of convenience for the user.

Can we avoid a trade-off between user experience and security?

I believe that an adaptive authentication system, which is context and risk aware, is the key. For example, if you were at home on your wifi, logged into your laptop and decided to check some pictures on Instagram, no further authentication might be needed. But if you were about to make a high value transfer with your bank application in a coffee shop on free wifi at the CCC conference, it makes sense to expect a stronger authentication vector in order to authorise it.