You mean
So that once my unchangable biometrics are stolen, even more stuff will get compromised?
Computer science researchers at the University of Washington are developing a technology to securely send data through the human body rather than wires or the air. Passwords sent over insecure networks are liable to sniffing. This well-understood problem is most easily mitigated against using VPN technology but now security …
Odd. I read the article to say that, instead of using biometrics, it's using the body as a network cable of sorts, the signal going through the body instead of through air to reduce sniffing. The fingerprint scanner portion is that it just happens to be common enough to touch and act as a transmitter, but this isn't actually using the scanning of fingerprints to communicate.
In which case, biometrics don't play a part in this, unless that includes 'is currently touching two things at the same time.'
Build a small device that transmits the key at about 85Hz when the owners fingerprint is detected - the owner holds it in their hand and the LF signal goes through the body attenuated to a few milli-volts at the sensor surface. Easy to pick up at the door sensor, very hard to sniff. Why 85Hz - it avoids AC line interference and doesn't radiate much.
"A user would touch the doorknob and the fingerprint sensor on their smartphone at the same time, with their credentials been transmitted through their body rather than over the air."
"The data transmission rate achieved of just 25 bits per second ..."
How long would it take to send a reasonably secure 'key' and how many people would drop their phone before it was complete?
Wouldn't it be easier and more secure to fit a fingerprint sensor on the door instead of relying on possibly corruptable smartphones that need to be managed and maintained?
"Wouldn't it be easier and more secure to fit a fingerprint sensor on the door instead of relying on possibly corruptable smartphones that need to be managed and maintained?"
Easier, sure, as far as the end user is concerned at least. But secure? No, the exact opposite. Biometrics are largely useless for security because they can't be changed; once your password has been compromised once you can never use that finger again for the rest of your life. A smartphone might be hackable, but it's also easy to fix and/or replace if that happens. It's the same as with most things - the more convenient you make it for the user, the less secure it becomes.
"How long would it take to send a reasonably secure 'key' and how many people would drop their phone before it was complete?"
That was already addressed in the article. This was simply a proof of concept demonstration using hardware that was never designed for this use. Obviously the first every horribly non-optimal prototype is not the same setup as would be used several years down the line in commercial applications. You might as well complain that the internet is useless because the first ever telegram transmission had a low bitrate. In any case, 25 b/s still gives only 10 seconds to transmit a 256 bit key. Inconveniently long to wait for a door to open, but most people manage to hold their phones for significantly longer periods than that.
"In any case, 25 b/s still gives only 10 seconds to transmit a 256 bit key."
if you use ONLY ONE frequency to send with, perhaps [I'm guessing they're not using multiple frequencies already]. If we're going to compare to old modems, let's start by sending 'multiple FSK frequency tones' simultaneously. You know, like touch tone phones and old modems. Later we can apply Heddy Lamar's method (spread spectrum), or graduate to full-blown multi-path Q.A.M. (with error correction so you can increase the data rate) to speed it up even further.
just don't chip my head/hands, I don't want the 666. ha ha ha ha ha.
First of all Sun has already done this in the 1990s:
http://www.javaworld.com/article/2076641/learn-java/an-introduction-to-the-java-ring.html
What you can do to actually make this moderately secure is to have a public key authentication scheme. Just have a private key on the device near your body and the public key wherever you want to authorize. This works great for ssh and would eliminate passwords in the browser once browser manufacturers would get off their asses and make TLS client authentication usable.
If you push down the telescopic antenna on a portable FM radio you may well find that it goes silent because of insufficient received signal level. Touch the antenna however and the program comes back. That's a full stereo signal at around 100 MHz mind you, not a couple of dozen bits per second.
I have also noted, with much discomfort, that the human body can conduct signals at 50Hz.
What happens when I'm squeezed like a sardine on the underground ?
Presumably the person standing next to me with their bag/ipad/whatever will be able to receive and transmit through me in the same manner.
This is nearly as bad as the advertising that was considered for the walls of trains that vibrated speech into people who were trying to sleep with their heads against the trains shell.
With a handshake? What to do? Bow like some cultures do?
This gives new meaning to "let's shake hands on it". Of course this might be the idea, but at 25 bits/sec (slow by even 1940's data rates of 45.45/sec) it may take a while.
For the curious 25 bits/sec is about 30WPM in Morse code. Operators in the 30's could do that with lots of practice.
Look at body features to scan before looking at the body flesh for data transmission.
Biometrics are easy to fake, impossible to reset, intrusive and costly on top of contributing to poorer security as outlined in
"Biometrics in Cyber Space - "below-one" factor authentication"
https://youtu.be/wuhB5vxKYlg