Possible Fingerprint flaws


Joe Rice

Oct 23, 1998, 3:00:00 AM
This may be a little off subject. The recent introduction of biometric
fingerprint chip based systems using optical or capacitive methods for
reading fingerprint ridges in my opinion may contain security flaws.
Agreed some will have means for detecting dead or facsimile fingers.
But it occurred to me that modern photolithography techniques could be
used to produce fingerprint moulds with which individuals could impress
the fingerprints of others onto their own live fingers. This process
could be aided by abrading one's own fingerprints and finding a suitable
moulding agent to assist the skin in taking on the mould's impression. As
a further thought any biometric trait that is readily observable will
lend itself to similar modes of attack.

Joe Rice


--
joe...@innotts.co.uk
http://innotts.co.uk/~joerice/

"There is nothing more difficult to take in hand, more perilous to
conduct or more uncertain of success than to take a lead in the
introduction of new things, because the innovation has for enemies
all those who have done well under the old conditions and only
luke-warm defenders in those who may do well under the new "

Paul Rubin

Oct 24, 1998, 3:00:00 AM
In article <36316112...@innotts.co.uk>,

Joe Rice <joe...@innotts.co.uk> wrote:
>This may be a little off subject. The recent introduction of biometric
>fingerprint chip based systems using optical or capacitive methods for
>reading fingerprint ridges in my opinion may contain security flaws.
>Agreed some will have means for detecting dead or facsimile fingers.
>But it occurred to me that modern photolithography techniques could be
>used to produce fingerprint moulds with which individuals could impress
>the fingerprints of others onto their own live fingers.

No photolithography needed. I've done it with Elmer's glue, just
for laughs.

dsc...@networkusa.net

Oct 24, 1998, 3:00:00 AM
In article <phrF1B...@netcom.com>,

Why use finger prints alone when DNA tests are so close of
course see the movie GATTACA (most likely spelled wrong I forget
the DNA building block abbrevs.)
It was a damn good movie.


--
http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott19u.zip
ftp search for scott*u.zip in norway


Scott Fluhrer

Oct 24, 1998, 3:00:00 AM
In article <70snfd$5he$1...@nnrp1.dejanews.com>,
dsc...@networkusa.net wrote:

> In article <36316112...@innotts.co.uk>,
> Joe Rice <joe...@innotts.co.uk> wrote:
> >This may be a little off subject. The recent introduction of biometric
> >fingerprint chip based systems using optical or capacitive methods for
> >reading fingerprint ridges in my opinion may contain security flaws.
> >Agreed some will have means for detecting dead or facsimile fingers.
> >But it occurred to me that modern photolithography techniques could be
> >used to produce fingerprint moulds with which individuals could impress
> >the fingerprints of others onto their own live fingers.
>

> Why use finger prints alone when DNA tests are so close of
>course see the movie GATTACA (most likely spelled wrong I forget
>the DNA building block abbrevs.)

I don't know if you realize this, but things you see in movies are not,
ummmm, real. Movies are usually considered 'Fiction', and often portray
things that do not appear in real life.

In real life, DNA tests take several weeks, cost big $, and do not give
anywhere close to assured authentication.

[Hmmm, should I tell him the bad news about warp drives. Naaah, I'll
do that in another post]

>It was a damn good movie.

Agreed. However, it was not a documentary.


ps: Sorry if you were trying to make a joke. However, since you hold so
many off-the-wall opinions, I suggest you insert a smiley (:-) if you are
trying to be absurd. Otherwise, how can you expect us to know that it's
intentional?

--
poncho

Douglas A. Gwyn

Oct 25, 1998, 2:00:00 AM
Scott Fluhrer wrote:
> In real life, DNA tests take several weeks, cost big $, and do not give
> anywhere close to assured authentication.

That's today, but not necessarily in the near future.
There are several forms of biometrics currently used
for identification/authentication, including
fingerprint scanners, face recognizers, voice
recognizers, retinal scanners, and hand geometry
analyzers. Blood typing could probably be done
except people tend to object to having their blood
sampled for no better purpose than that; DNA testing
could come next. The more tests, in general the
higher the accuracy of the identification, so they
could be used in combination.

W T Shaw

Oct 25, 1998, 2:00:00 AM
In article <36316112...@innotts.co.uk>, Joe Rice
<joe...@innotts.co.uk> wrote:

> This may be a little off subject. The recent introduction of biometric
> fingerprint chip based systems using optical or capacitive methods for
> reading fingerprint ridges in my opinion may contain security flaws.
> Agreed some will have means for detecting dead or facsimile fingers.
> But it occurred to me that modern photolithography techniques could be
> used to produce fingerprint moulds with which individuals could impress
> the fingerprints of others onto their own live fingers.
>

It entirely matters what is being mapped. A person who seems to
chronically wear surface finger prints off may require several sets of
prints over time before getting qualified ones. On the other hand, if it
is the vascular structuring itself that is being sensed, the surface is of
no real concern.

It is within the scope of such sophisticated processes to be highly
selective as to what is being seen, and recognizing fakes can be made a
priority if needed.
--
---
Please excuse if there are multiple postings for my responses...I have no idea where they come from as I only receive one confirmation for each posting from my newsserver.
---
Decrypt with ROT13 to get correct email address.

Mok-Kong Shen

Oct 26, 1998, 3:00:00 AM
Douglas A. Gwyn wrote:

> There are several forms of biometrics currently used
> for identification/authentication, including
> fingerprint scanners, face recognizers, voice
> recognizers, retinal scanners, and hand geometry
> analyzers. Blood typing could probably be done

A relevant URL is http://biometrics.org.

Just a remark: each technique is non-perfect, is however useful
in certain application environments.

M. K. Shen

Mok-Kong Shen

Oct 26, 1998, 3:00:00 AM
Douglas A. Gwyn wrote:

> There are several forms of biometrics currently used
> for identification/authentication, including
> fingerprint scanners, face recognizers, voice
> recognizers, retinal scanners, and hand geometry
> analyzers. Blood typing could probably be done

A relevant URL is http://www.biometrics.org.

Roger Carbol

Oct 26, 1998, 3:00:00 AM
It's also somewhat upsetting when you can't access your bank accounts
after that big industrial accident which damaged your hands.

.. Roger Carbol .. r...@shaw.wave.ca .. finger pointing again

Lincoln Yeoh

Oct 26, 1998, 3:00:00 AM
On Mon, 26 Oct 1998 10:00:56 +0000, Roger Carbol <r...@shaw.wave.ca> wrote:

>It's also somewhat upsetting when you can't access your bank accounts
>after that big industrial accident which damaged your hands.

It's more upsetting if people decide to steal your hands..

That'll give a new twist to the threat: "Hands up!"

I'd cooperate..

Link.
p.s. Lend em a hand? Ick..
****************************
Reply to: @Spam to
lyeoh at @peo...@uu.net
pop.jaring.my @
*******************************

Mike McCarty

Oct 26, 1998, 3:00:00 AM
I once read a novel "Das Gedankennetz" in which one of the key scenes
involves a man and a woman cutting off an official's thumb so they
could get access to some secure areas.

Mike

In article <36316112...@innotts.co.uk>,
Joe Rice <joe...@innotts.co.uk> wrote:

)This may be a little off subject. The recent introduction of biometric
)fingerprint chip based systems using optical or capacitive methods for
)reading fingerprint ridges in my opinion may contain security flaws.
)Agreed some will have means for detecting dead or facsimile fingers.
)But it occurred to me that modern photolithography techniques could be
)used to produce fingerprint moulds with which individuals could impress
)the fingerprints of others onto their own live fingers. This process
)could be aided by abrading one's own fingerprints and finding a suitable
)moulding agent to assist the skin in taking on the mould's impression. As
)a further thought any biometric trait that is readily observable will
)lend itself to similar modes of attack.
)
)Joe Rice
)
)
)--
)joe...@innotts.co.uk
)http://innotts.co.uk/~joerice/
--
----
char *p="char *p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I don't speak for Alcatel <- They make me say that.

Ralf Muschall

Oct 27, 1998, 3:00:00 AM
Lincoln Yeoh wrote:

> >It's also somewhat upsetting when you can't access your bank accounts
> >after that big industrial accident which damaged your hands.

The main problem with fingerprint authentification for bank accounts
is that it does not help the customer very much:
Simply taking the fingerprint itself in place of a password is a
very bad idea, since the bad guys could carry off the bank's computer
and customer database and abuse it for the identification of
fingerprints which they found in some evidence. You would have
to spend the rest of your life in gloves after having been in
business with such a bank once.

Therefore, the fingerprint needs to be encrypted with a key that
is only in the customer's possession (password, chipcard etc.), and
the bank itself must not have the fingerprint, but only some keyed
hash of it. But this means that he has to either remember some
pass(word|number) or carry a card, i.e. the same inconvenience
that we have now.

> It's more upsetting if people decide to steal your hands..

This already happens. In big cities in Germany, you can buy fresh
fingers for a few 1000 DM. Biometric authentification systems try to
check whether the finger lives (looking at IR absorption, pulse, or
whatever).

[The above information is mostly from a recent thread called "Biometrie"
in de.comp.security, the most competent contributions there are IMHO
by L. Donnerhacke.]

Ralf

boyd...@my-dejanews.com

Oct 28, 1998, 3:00:00 AM
In article <363448...@shaw.wave.ca>,

r...@shaw.wave.ca wrote:
> It's also somewhat upsetting when you can't access your bank accounts
> after that big industrial accident which damaged your hands.

The thing that worries me about biometrics is that the token (ie. you)
is inseparable from you, except if it's removed by force. I'd rather
be in a position to give up a token and its code than have my
biometric data removed or kidnapped.

Does anyone remember the scene with the eye and the retina scanner
in _Demolition Man_?

Douglas A. Gwyn

Oct 28, 1998, 3:00:00 AM
boyd...@my-dejanews.com wrote:
> The thing that worries me about biometrics is that the token (ie. you)
> is inseparable from you, except if it's removed by force. I'd rather
> be in a position to give up a token and its code than have my
> biometric data removed or kidnapped.

The access control system is designed to keep bad guys out,
not to protect good guys from being harmed by the bad guys.
Most such systems rely on multiple tests, typically:
(1) something you know
(2) something you have
(3) something you are
If these are independent, then the chances of a bad guy
successfully faking all of them is negligible.

Coen L.S. Visser

Oct 29, 1998, 3:00:00 AM
<gw...@arl.mil> writes:
>boyd...@my-dejanews.com wrote:
>> The thing that worries me about biometrics is that the token (ie. you)
>> is inseparable from you, except if it's removed by force. I'd rather

[...]

>The access control system is designed to keep bad guys out,
>not to protect good guys from being harmed by the bad guys.
>Most such systems rely on multiple tests, typically:
> (1) something you know
> (2) something you have
> (3) something you are
>If these are independent, then the chances of a bad guy
>successfully faking all of them is negligible.

I agree that they must be independent so the tests don't weaken each other.
But that doesn't mean multiple tests provide greater strength. Just as applying
multiple encryption methods doesn't always improve strength. I still believe
that (1) is the safest method.

Regards,

Coen

Ralf Muschall

Oct 30, 1998, 3:00:00 AM
Douglas A. Gwyn wrote:

> The access control system is designed to keep bad guys out,
> not to protect good guys from being harmed by the bad guys.
> Most such systems rely on multiple tests, typically:
> (1) something you know
> (2) something you have
> (3) something you are
> If these are independent, then the chances of a bad guy
> successfully faking all of them is negligible.

The major problem is not faking but abuse (the industry claims
to have solved the problem of disconnected fingers etc.).

The bad guys can take a fingerprint scanned from the knife
in somebody's back and the backend [1] of the authentification
machine of a bank and scan the bank's database for the suspect.

To avoid this, you need to combine (3) above with either (1)
or (2) in order to encrypt the (3) and to stop the bank from
*knowing* (3). This means that the main intended advantage --
convenience by avoiding (1), (2) -- is lost.

[1] e.g. a function: (bitmap,person_name) -> boolean.

Ralf

David P Jablon

Oct 30, 1998, 3:00:00 AM
<gw...@arl.mil> wrote:
>>[...] Most such systems rely on multiple tests, typically:

>> (1) something you know
>> (2) something you have
>> (3) something you are
>> If these are independent, then the chances of a bad guy
>> successfully faking all of them is negligible.

In article <71atap$jgb$1...@nbox.wins.uva.nl>,


Coen L.S. Visser <clvi...@gene.wins.uva.nl> wrote:
> I agree that they must be independent so the tests don't weaken each other.
> But that doesn't mean multiple tests provide greater strength. Just as applying
> multiple encryption methods doesn't always improve strength. I still believe
> that (1) is the safest method.

While knowledge-based authentication is important, the nice thing
about having three categories is that each has strengths that the
others can't match. While it's fashionable for product vendors
to highlight one category, while slamming all others,
I really prefer the more enlightened philosophy.

I too think it's best to use two or more independent methods
from different categories. And, as Coen suggests, one must combine
them artfully to get one method's strength to cover the weakness of
the others.

(FYI, my web page below is devoted to "independent"
methods for knowledge-based authentication -- how to
verify passwords without unnecessarily depending on
stored-keys, smart-cards, biometrics, or a PKI.)

------------------------------------------------------
David P. Jablon
Integrity Sciences, Inc.
d...@world.std.com
<http://world.std.com/~dpj/>


David P Jablon

Oct 30, 1998, 3:00:00 AM
In article <71b2p9$all$1...@news01.btx.dtag.de>,

Ralf Muschall <rmusch...@t-online.de> wrote:
>
> The major problem is not faking but abuse (the industry claims
> to have solved the problem of disconnected fingers etc.).
>
> The bad guys can take a fingerprint scanned from the knife
> in somebody's back and the backend [1] of the authentification
> machine of a bank and scan the bank's database for the suspect.
>[...]
> [1] e.g. a function: (bitmap,person_name) -> boolean.

While some might argue that the real "bad guy" here is the
slasher, rather than the database thief, this does raise
an important point.

The mis-use of stored biometric data needs to be prevented
by a clear policy, which is enforced by the bank, and perhaps
the law. I don't think that cryptography is either necessary
or sufficient to solve the problem, although it can help.

> To avoid this, you need to combine (3) above with either (1)
> or (2) in order to encrypt the (3) and to stop the bank from
> *knowing* (3). This means that the main intended advantage --
> convenience by avoiding (1), (2) -- is lost.

I don't see how using either knowledge-based (1) or token-based (2)
authentication avoids the need for stored biometric data.
And as far as I know, the main intended advantage of a pure
biometric (3) system is the user's convenience, which is
a separate issue from invasion of privacy.

But of course I agree that combining (1) or (2) with (3) can
result in a stronger system.

-- David

Coen L.S. Visser

Oct 31, 1998, 3:00:00 AM
d...@world.std.com (David P Jablon) writes:
><gw...@arl.mil> wrote:
>>>[...] Most such systems rely on multiple tests, typically:
>>> (1) something you know
>>> (2) something you have
>>> (3) something you are

>Coen L.S. Visser <clvi...@gene.wins.uva.nl> wrote:


>> I agree that they must be independent so the tests don't weaken each other.
>> But that doesn't mean multiple tests provide greater strength. Just as
>> applying multiple encryption methods doesn't always improve strength.

>While knowledge-based authentication is important, the nice thing

>about having three categories is that each has strengths that the
>others can't match.

I've been thinking about it and must admit that the combination of the three
tests makes the authentication procedure as a whole stronger. My critique is
aimed at the marketing of biometric tests as a single identification solution.
They are really insufficient when security really counts.

Regards,

Coen

Ralf Muschall

Nov 1, 1998, 3:00:00 AM
David P Jablon wrote:

> While some might argue that the real "bad guy" here is the
> slasher, rather than the database thief, this does raise
> an important point.

I always use such an example when speaking about this topic.
This (1) shocks people and (2) makes the separation of technical
and ethical topics more clear. Of course, you can always replace
"slasher" by "member of an unwanted but legal political movement",
"knife" by "book" etc.

> The mis-use of stored biometric data needs to be prevented
> by a clear policy, which is enforced by the bank, and perhaps
> the law. I don't think that cryptography is either necessary
> or sufficient to solve the problem, although it can help.

I'm not that optimistic about laws etc. -- remember that
"security" is the root password for the constitution (not
my idea -- I found this many years ago in this group).
IMHO a security system should be considered acceptable [1]
only if it is resistant not only against trivial attacks by
thieves and fakers, but also against abuse by those in power
(e.g. collaboration (possibly forced) of bank and law enforcement).

[1] This is not a cryptographic statement, but a different
design goal.

> > To avoid this, you need to combine (3) above with either (1)
> > or (2) in order to encrypt the (3) and to stop the bank from
> > *knowing* (3). This means that the main intended advantage --
> > convenience by avoiding (1), (2) -- is lost.

> I don't see how using either knowledge-based (1) or token-based (2)
> authentication avoids the need for stored biometric data.

You don't store the fingerprint, but e.g. DES(key,fingerprint),
where <key> is on the token and nowhere else. (The need to create
the token in the first place makes this a little more complicated).
The bad guys don't have the key, so they can't identify anybody.

> And as far as I know, the main intended advantage of a pure
> biometric (3) system is the user's convenience, which is
> a separate issue from invasion of privacy.

Agreed, and this is just the problem: Many people will prefer
the more convenient system without thinking about the privacy
problem until it is too late.

> But of course I agree that combining (1) or (2) with (3) can
> result in a stronger system.

I'd say in a system fulfilling different needs, without
consideration which one is stronger.

Ralf
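
An added illustration of the storage question debated in this thread (not code from any poster): a bank that keeps the template itself exposes the "(bitmap,person_name) -> boolean" backend as a search oracle, while a bank that keeps only a keyed hash cannot link a print to a customer without that customer's token. The class names, the `quantize` helper and the minutiae values are constructed for this example; HMAC-SHA256 stands in for the "keyed hash" / DES(key,fingerprint) mentioned above, and coarse bucketing stands in for real fuzzy matching.

```python
import hashlib
import hmac
import secrets

def quantize(minutiae, cell=8):
    # Assumption: coarse (x, y, angle) bucketing stands in for a real fuzzy
    # matcher; it only absorbs jitter that stays inside one bucket.
    return repr(sorted((x // cell, y // cell, a // 45) for x, y, a in minutiae)).encode()

class PlainStore:
    """Bank stores the template: the backend is the oracle (print, name) -> bool."""
    def __init__(self):
        self.db = {}
    def enroll(self, name, minutiae):
        self.db[name] = quantize(minutiae)
    def verify(self, name, minutiae):
        return hmac.compare_digest(self.db[name], quantize(minutiae))
    def identify(self, minutiae):
        # Anyone holding the backend and database can run every record.
        return [n for n in self.db if self.verify(n, minutiae)]

class KeyedStore:
    """Bank stores only HMAC(token_key, template); the key lives on the token."""
    def __init__(self):
        self.db = {}
    def enroll(self, name, minutiae):
        key = secrets.token_bytes(32)
        self.db[name] = hmac.new(key, quantize(minutiae), hashlib.sha256).digest()
        return key  # handed to the customer, never kept by the bank
    def verify(self, name, minutiae, token_key):
        tag = hmac.new(token_key, quantize(minutiae), hashlib.sha256).digest()
        return hmac.compare_digest(self.db[name], tag)
    def identify(self, minutiae, key_held_by_searcher):
        return [n for n in self.db if self.verify(n, minutiae, key_held_by_searcher)]

# Constructed sample data: (x, y, angle) minutiae, not real prints.
ALICE = [(20, 36, 100), (52, 12, 200), (76, 60, 10)]
ALICE_REREAD = [(21, 37, 102), (51, 13, 198), (77, 61, 12)]  # same finger, small jitter
BOB = [(10, 10, 30), (44, 28, 170), (68, 52, 300)]

def demo():
    plain, keyed = PlainStore(), KeyedStore()
    plain.enroll("alice", ALICE)
    plain.enroll("bob", BOB)
    alice_key = keyed.enroll("alice", ALICE)
    bob_key = keyed.enroll("bob", BOB)
    return {
        "plain_search": plain.identify(ALICE_REREAD),
        "keyed_login": keyed.verify("alice", ALICE_REREAD, alice_key),
        "keyed_wrong_token": keyed.verify("alice", ALICE_REREAD, bob_key),
        "keyed_search_no_token": keyed.identify(ALICE_REREAD, secrets.token_bytes(32)),
        "keyed_search_with_token": keyed.identify(ALICE_REREAD, alice_key),
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The keyed record is only as private as the place where the HMAC is computed: a reader that sees the raw print and the token key together could still retain both.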
