Scanning the fibres, furrows and freckles
October 1, 2010 10:45 AM Subscribe
"What the Mayfield case teaches about biometrics in general is that, no matter how accurate the technology used for screening, it is only as good as the system of administrative procedures in which it is embedded." The Economist outlines some of the problems with biometric passports. There are lots of them: "...biometric recognition is not only “inherently fallible”, but also in dire need of some fundamental research on the biological underpinnings of human distinctiveness."
An earlier article about the practicalities of travelling with a biometric passport.
An earlier article about the practicalities of travelling with a biometric passport.
Yeah, we're seeing a lot of these problems cropping up. Even the "gold standard" -- DNA -- is showing some genuine problems. Put simply, random markers aren't:
http://www.washingtonmonthly.com/features/2010/1003.bobelian.html
http://www.washingtonmonthly.com/features/2010/1003.bobelian.html
In 2005, Barlow heard that an Arizona state employee named Kathryn Troyer had run a series of tests on the state’s DNA database, which at the time included 65,000 profiles, and found multiple people with nine or more identical markers. If you believe the FBI’s rarity statistics, this was all but impossible—the chances of any two people in the general population sharing that many markers was supposed to be about one in 750 million, while the Database Match Probability for a nine-marker match in a system the size of Arizona’s is roughly one in 11,000.posted by effugas at 11:12 AM on October 1, 2010 [3 favorites]
Barlow decided to subpoena Troyer’s searches. To her surprise, she discovered that Troyer had unearthed not just a couple of pairs who shared nine identical markers, but 122. "That was a ‘wow’ moment," Barlow recalls.
What the Mayfield case teaches about biometrics in general is that, no matter how accurate the technology used for screening, it is only as good as the system of administrative procedures in which it is embedded
More of a caveat to any method or process. Canada's first biometrics field trial ended a couple of years ago, report here.
posted by variella at 11:20 AM on October 1, 2010
More of a caveat to any method or process. Canada's first biometrics field trial ended a couple of years ago, report here.
posted by variella at 11:20 AM on October 1, 2010
The lack of research into the variability of the trait being measured is a problem throughout forensics.
posted by sfred at 11:28 AM on October 1, 2010
posted by sfred at 11:28 AM on October 1, 2010
Biometric identification can even invite violence. A motorist in Germany had a finger chopped off by thieves seeking to steal his exotic car, which used a fingerprint reader instead of a conventional door lock.
Couldn't they incorporate something to sense temperature and blood-flow to make sure that the eyeball/finger being scanned is still attached to the person to whom it belongs?
posted by empatterson at 11:29 AM on October 1, 2010
Couldn't they incorporate something to sense temperature and blood-flow to make sure that the eyeball/finger being scanned is still attached to the person to whom it belongs?
posted by empatterson at 11:29 AM on October 1, 2010
I'm terrified of those iris scans because I have a history of eye problems that might affect how I appear to a biometric scanner and/or might make it hard for me to sit still for a scan. I know I'm not the only person with this problem either. I'm wondering what the ADA will have to say about biometrics and when someone will have to invoke it to get a passport and travel on it.
posted by immlass at 11:29 AM on October 1, 2010
posted by immlass at 11:29 AM on October 1, 2010
The Mayfield case, at least going from this article's description of it, seems like a poor choice to support their argument:
posted by hattifattener at 12:28 PM on October 1, 2010
A court found the fingerprint retrieved from a bag of explosives left at the scene, which the Federal Bureau of Investigation (FBI) had “100% verified” as belonging to Mr Mayfield, to be only a partial match—and then not for the finger in question. […] But in its rush to judgment, the FBI did more than anything, before or since, to discredit the use of fingerprints as a reliable means of identification.The biometric techniques themselves, apparently, weren't called into question; it's just that the FBI was falsifying the results.
posted by hattifattener at 12:28 PM on October 1, 2010
From a security standpoint, fingerprints are a terrible "unique identifier". You leave copies of them everywhere you go, which can be easily picked up, stored & printed out for use by anyone who finds them. Just because they have a history of use that goes back many years is not good enough reason to keep using them now.
posted by scalefree at 12:40 PM on October 1, 2010
posted by scalefree at 12:40 PM on October 1, 2010
No, from a security standpoint, fingerprints are a reasonably good unique identifier. What they are not is a good authenticator.
posted by hattifattener at 1:02 PM on October 1, 2010
posted by hattifattener at 1:02 PM on October 1, 2010
Couldn't they incorporate something to sense temperature and blood-flow to make sure that the eyeball/finger being scanned is still attached to the person to whom it belongs?
The problem is the distinct shortage of people willing to have their fingers cut off in the name of science. This basically means that none of the players -- the buyers, the attackers, or the vendors -- really know if the liveness tests work.
Which, to be honest, they don't. (One of my favorite hacks of all time was done by these crazy Japanese kids...they hacked a handprint scanner that used electrical characteristics to validate liveness...with a nice, fresh, Kobe steak. It worked.)
No, from a security standpoint, fingerprints are a reasonably good unique identifier. What they are not is a good authenticator.
Yeah, somehow I think people are looking less for a username and more for a password.
posted by effugas at 1:12 PM on October 1, 2010
The problem is the distinct shortage of people willing to have their fingers cut off in the name of science. This basically means that none of the players -- the buyers, the attackers, or the vendors -- really know if the liveness tests work.
Which, to be honest, they don't. (One of my favorite hacks of all time was done by these crazy Japanese kids...they hacked a handprint scanner that used electrical characteristics to validate liveness...with a nice, fresh, Kobe steak. It worked.)
No, from a security standpoint, fingerprints are a reasonably good unique identifier. What they are not is a good authenticator.
Yeah, somehow I think people are looking less for a username and more for a password.
posted by effugas at 1:12 PM on October 1, 2010
Yes, a password that isn't secret, requires expensive hardware, must be the same for every service and site you use, and can't be changed. In other words, biometrics are complete shit. Physical keys would be better.
(Good keys, like Schlage Primus.)
posted by ryanrs at 2:16 PM on October 1, 2010
(Good keys, like Schlage Primus.)
posted by ryanrs at 2:16 PM on October 1, 2010
When I bought my TabletPC, I went on a spree trying to get all the goodies working with Ubuntu. One of the hardest wasn't the wacom device, but in fact the fingerprint scanner. The basic scenario is that people don't want to type in a password at every password prompt, which may involve switching in and out of tablet form.
A few things became apparent during the course of the work:
1) Good fingerprint systems are actually banned from export to certain countries like Iran. I'm not sure why. So most hardware is built into the laptop, the specs are closed and the vendors recalcitrant to talk about them. For a while there was concern about legally shipping source code from the US, but it seems like the customs / state dept is okay with it if it's open source.
2) Your fingerprints can show up very nicely on tablet screens. It's like having your password on a stickynote taped to the monitor, securitywise.
3) Fingers change. Cut your finger? Get a wart? Lose a finger? Hope you have a password alternative.
4) Fingerprints are noisy. Authentication is done by fuzzy matching an input scan to a set of "features". Lots of people imagine their fingerprint is stored as an image somewhere, but as best as I can tell, on my UPEK it's not.
5) Fingerprints are noisy. You'd be surprised how many people want to decrypt things with fingerprints. Like your GNOME keyring, or encrypted home directory. I understand the desire, but between points 3 and 4, you can't create a consistent mathematical key with the input. The most secure thing I can think of is storing a key on the fingerprint chip itself and only letting sending it out after a valid print. But you'd also need to stop people from changing the print without first scanning the old one. Which brings us back to 3.
posted by pwnguin at 2:23 PM on October 1, 2010
A few things became apparent during the course of the work:
1) Good fingerprint systems are actually banned from export to certain countries like Iran. I'm not sure why. So most hardware is built into the laptop, the specs are closed and the vendors recalcitrant to talk about them. For a while there was concern about legally shipping source code from the US, but it seems like the customs / state dept is okay with it if it's open source.
2) Your fingerprints can show up very nicely on tablet screens. It's like having your password on a stickynote taped to the monitor, securitywise.
3) Fingers change. Cut your finger? Get a wart? Lose a finger? Hope you have a password alternative.
4) Fingerprints are noisy. Authentication is done by fuzzy matching an input scan to a set of "features". Lots of people imagine their fingerprint is stored as an image somewhere, but as best as I can tell, on my UPEK it's not.
5) Fingerprints are noisy. You'd be surprised how many people want to decrypt things with fingerprints. Like your GNOME keyring, or encrypted home directory. I understand the desire, but between points 3 and 4, you can't create a consistent mathematical key with the input. The most secure thing I can think of is storing a key on the fingerprint chip itself and only letting sending it out after a valid print. But you'd also need to stop people from changing the print without first scanning the old one. Which brings us back to 3.
posted by pwnguin at 2:23 PM on October 1, 2010
The problem is the distinct shortage of people willing to have their fingers cut off in the name of science. This basically means that none of the players -- the buyers, the attackers, or the vendors -- really know if the liveness tests work.
I just read a great book about the R&D industry and cadavers.
posted by empatterson at 7:35 PM on October 18, 2010
I just read a great book about the R&D industry and cadavers.
posted by empatterson at 7:35 PM on October 18, 2010
« Older The humor writing of Miles Kington | If it piles, we post it Newer »
This thread has been archived and is closed to new comments
posted by Samuel Farrow at 10:56 AM on October 1, 2010