Synaptics Talks Data encryption vs. Data Scrambling
If you had cable TV back in the day when set top boxes were a novelty, you might remember how the channels you didn’t pay for were scrambled. This scrambling meant that the image was wavy and wouldn’t show up, but you could hear what was going on since audio was unaffected. Synaptics recently looked at scrambling of this type versus encryption. Specifically they looked at the use of each technique when it came to biometric security.
Apparently to save some money, some current biometric fingerprint security tech uses scrambling rather than encryption when it comes to passing the actual image of the fingerprint between the sensor and host CPU. Synaptics says that it was able to run a security demo where it captured these images and was able to deduce the algorithm used to scramble the image and then descrambled it.
According to Synaptics, in its demonstration it was able to take the smartphone of a volunteer and do all the work needed to secure and print the person’s fingerprint with conductive inks and access their smartphone within ten minutes. Synaptics says that data scrambling will not thwart sophisticated hackers.
It will come as no surprise that Synaptics used this demonstration to push its own fingerprint sensors because it uses SecureLink to protect data lines between the sensor and host. Synaptics uses Transport Layer Security or TLS 1.2 as the communication protocol for a trusted and private link between the fingerprint sensor and the driver on the host. TLS is an updated version SSL that is used to secure web transactions. Synaptics then encrypts data between the sensor and host using AES-256 algorithm. Synaptics says that to brute force AES-256 would take 50 supercomputers able to check a billion billion keys per seconds 3×10 to the 51st power years.