Slashdot Mirror
Sony's New Personal Fingerprint Scanner
MelloDawg writes: "This article at SecurityWatch.com describes Sony's new fingerprint verfication device that fits in your wallet and uses public key infrastructure." Of course, if the prints are never transmitted and the scanner is personalized for each user, it seems like Sony'd like everyone to have his own scanner -- how convenient.
From the linked site: It contains USB drivers for Windows(R) 98 and 2000 and there is a serial cable available for use with Windows NT(R) systems.
Shouldn't be too much trouble to interface to Linux through the serial option for now (though it does load the system more than USB - and we'll have USB support soon enough.)
Also from the site: Sony is working with Entrust Technologies and I/O Software Inc., to allow them to develop specific software applications and is also actively looking to work with other software providers in the infosec field
It's unlikely that they will be providing open-sourced drivers at first (Sony haven't really "jumped on the open source bandwagon" yet) but with Linux becoming more popular all the time, it's likely that demand will convince them to build drivers.
They'll almost certainly be building drivers for various UN*X systems because, despite Microsoft's efforts to push NT, there are many large institutions which will pay megabucks to have a more secure way of authenticating users that just works! The weakest link in most security is the users themselves, and the pathetic passwords most people choose.
Fingerprint assisted password protection would be much stronger, and I doubt Sony will restrict themselves to a single OS manufacturer if they're getting so many companies to write drivers.
I recently went on a (sales) tour of Globix's new facility in downtown Manhattan. The doors, even the racks and cages, have fingerprint scanners (in addition to scan cards and regualr physical keys). Why do I bring this up?
We jokingly asked "What happens if someone cuts off your finger?"
Deadpan, the tour guide says "There's a body temperature scanner built in, so that wouldn't work".
:-)
Of course, this doesn't change the fact that fingerprint-only protection for a private key is not as great as it may seem. Especially when it's being done by a company like Sony, who's typical response to the thought of having unique, per-device keys is "That's too expensive."
-----
Klactovedestene!
That doesn't seem like too big a concern. It would only give out the information through the USB port when the fingerprint matched, so you wouldn't be able to just plug it in and get the info. You'd have to open it up and disect the circuits, and I'm sure they could make it very, very difficult to get the data out. Assuming they could, though, you're right; they'd have your data. But how much worse would that be than having your credit cards stolen?
Hmm. If it could be restructured slightly to be compatable with the OpenPGP standard, I can see how this could be very useful indeed.
Store a standard PGP key inside it, with the code to decrypt and digitally sign built in. Lock the key, not with a passphrase, but with a unique hash from the biometric data; user presses thumb to scanner, device goes "live" and accepts data from PC interface to sign or decrypt; after sixty seconds, device signs off and requires another scan to go live again. Add a suitable "cradle" interface, and it could form a digital credit-card / debit card that is personalized to the carrier, and can be simply dropped into a cradle at the checkout when your purchases have been scanned...... Only real problem would be if you damaged the fingerprint - and there is no reason why the key can't be stored ten times, one per digit.
--
-=DaveHowe=-
Rusty deletes (First post) comments from (Natalie Portman) Kuro5hin only (MEEPT!!!) when they (Hot grits down your pants) are grossly (IF I EVER...) off topic. If you have something childish to say, say it on Hotgrits: News for Trolls. Stuff that matters.
Will I retire or break 10K?
Annother important point when talking about biometrics is the fact that your finger doesn't change much. In effect you will be using the same passphrase at multiple organizations that require the fingerprint scan. What's to say that an unscrupulous organization won't record your fingerprint scan and replay it to other machines, or use it to create a prosthesis that can mimic your finger in any way that is important for the scanners (I think they determine live/deadness by the conductivity of the tissue, which is a measurement you would have)
These scanners could go a long way towards addressing this. Each user could have their own, trusted, scanner that merely unlocks a crypto key(s) on board that are actually used to authenticate. If the hardware was open enough so you could trust is this could be a very good thing.
-- Remember: Wherever you go, there you are!
I think that this technique would also make an excellent trigger-lock for a gun. Perhaps a gun that has such a scanner built into its side so that it scans when picked up. Assuming the authentication is fast enough, I would expect to see a partnership between Sony and some gun manufacturer pretty soon. Overall, a small fingerprint authenticator would have applications anywhere where some relatively small device needs to be used by a limited number of people.
This sounds to me like a *very* good rendition of SecurID. Not only does it have a safety margin in the way of fingerprints, but it does not rely on time / random number generation and would not need to have a central server in theory...
:)
You would think that needing a scaner for every user would be a detriment, but, i belive that it would actually be an asset. I mean think about it, you would be able to store the public and private keys on the card, which would pretty much make it something like a extremely secure credit card.
Oh well, i am goning to need to get me one of these soon
Yet another closed standard.
I get the feeling someone at sony heard the phrase: "standards are great, everyone should have one", and took it seriously!
___
Although it may be a little bit melodramatic and overly zealous, there are a few valid points brought up in the post.
The quality of posts that get moderated up to +5 (in particular +5 funny) is really getting more and more lame.
I agree with this. although I may not be the best at creating brilliantly innovative, informing, or humorous posts, I think that many of the level 5 posts are not quite up to the level they should be. I think many moderators are influenced by the "me too" phenomenon, and automatically mod a comment based on the reactions of the first moderation. This causes some posts to unfairly get knocked to troll status, and other "okay" comments to get promoted to the status of greatness which they dont really deserve.
This "lameness filter" bullshit has to go, the moderation bullshit has to go. I think free-speech has all but vanished on this site.
Although this is a bit overrated, the moderation does interfere with free speech on the site. Fundamentally, free speech is the ability to be heard by the community when and where you need to. Since the average slashdot reader is more likely to read a topic up at the 3-5 level, those who have been modded down are not getting the attention they really deserve. And, if the topics are knocked down just because they are offtopic, it becomes even worse. How is one supposed to bring an issue to the attention of the community if there is no place to do so?
Although it may not amount to anything at all, hopefully some change for the better can come of this. Please though, for all the reasons mentioned above, don't knock this reply or its parent down just for standing up.
______________________________
--------------------------------------------
--------------------------------------------
"
You know, there's no doubt in my mind that this will be better than passwords. Given that my fingers are a part of me, I can't forget them at home. So, I guess that it's better than the classic yellow sticky on the side of the monitor. But I wonder if this won't wind up being less useful than it appears at first glance. Sure, no two people's fingerprints are alike, but that's only half the story. Using biometric data assumes there's no way to create a mechanical device that simulates the fingerprint. I wouldn't want to bet a lot of money on that not being possible -- and using my fingerprints to unlock my bank account is doing just that.
I've got better things to do with my life. back to your Hot Grits, little troll......
--
-=DaveHowe=-
With such a system, the risks are far greater than with simply using a regular, proven piece of software, with a passphrase. Have enough RAM so as not to need a swap partition or swapfile, and you avoid the risks of the passphrase being written to disk; a utility can then be used to "wipe" the RAM on shutdown and startup, to avoid a well-funded intruder with physical access to the machine being able to inspect the residual charges in the RAM, if this is a real security concern. The only real danger then is an intruder installing a keyboard sniffer, but an intruder who could do that would as easily be able to install software to capture the authentication from this fingerprint device. The inherent problem with a piece of hardware like this is that you can't be sure how secure the implementation is, whereas with open-source software the implementation can easily be reviewed. Rest assured that this hardware very likely has a security flaw--possibly one requested by the FBI/NSA, for "investigative" purposes. Remember the "Clipper Chip" initiative? Just because the FBI and NSA didn't win that argument doesn't mean that they haven't requested, and been granted, workarounds to the security afforded by other security devices. Trust only systems with *full documentation* which is publicly viewable.
"The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
Biometric authentication alone is one of the stupidest things ever devised.
Imagine this scenario:
1. fingerprints become common as identification,
replacing passwords.
2. someone figures out how to copy fingerprints
and use them as auth.
What do you do? 'Rotate your fingerprints'?. Yeah, right.
Tying authentication to an irreplacable body part is a bad, bad idea, except in the most extreme circumstances.
SecureID, S/Key and other challenge/reponse or one-time key systems are far better for 99.99% of all uses. At least you can replace/regenerate them...
Chris.
-- I don't have a cool sig.
I think everyone should be able to vote on a post... let the score reflect the total of all votes applied to it.
How about a system where any logged in user can rate any comment from 1 (hot grits) to 5 (gem), and the displayed score is the average of all votes applied to it? I'd call it Kuro5hin.
Will I retire or break 10K?
This device (and most of biometrics) is a fraud and merely security through obscurity. Once someone figures out how the card works, then it should be fairly trivial to build a device which opens the card up and grabs your public and private keys.
With PGP and GPG, there's a passphrase to prevent having physical access to the device instantly revealing the private key. You can't really do this with fingerprints (or other biometrics) since the fingerprint cannot be used as a key. The digital image of your fingerprint varies from impression to impression so the device has to ask itself "is this close enough to Alice's finger?" instead of using it as a key.
Even if they could use the fingerprint as a key (perhaps some abstract description of the fingerprint which doesn't vary much), then all you need is a sample of the fingerprint which is fairly easy to obtain. It doesn't even need to be off a live finger - any tests in the device for heat or circulating blood can be bypassed since they can exist only as physical prevention mechanisms, not mathematical mechanisms.
The only really legitimate use of biometrics is if you have secured hardware with trusted guards (i.e., real people) watching that you don't mess with the hardware and that you really are presenting your actual finger or retina. And even this shouldn't be trusted for very important things unless you have several guards at each machine, all resistant to bribes.
Biometrics on a card would prevent only very unsophisticated attacks from people unfamiliar with the cards. If your attackers won't have physical access to your card, then using PGP or GPG without a passphrase is just as secure and more convenient.
Read Bruce Schneier's take on biometrics here.
In the recent "Our Attorney's Response To Microsoft" article, the Andover attorney stated that "as a general matter, it is the policy of Slashdot not to interfere with or censor the communications of its users." This is a blatant lie. "Bitchslapping," and "lameness filtering" ARE interfering with the communications of Slashdot's users.
How is this a lie? Slashdot employees don't moderate, slashdot readers do. I just moderated yesterday and I certainly don't work for Andover or Slashdot. Read the moderation page sometime to see exactly how slashdot moderation works. Moderation works like elections, a few do it and they represent the whole (yep, the same way the U.S. president gets elected by the electoral college and not the American public). If you have a problem with slashdot moderation (specifically bogus +5 scores)don't blame Rob Malda, blame the real culprit the average slashdot reader, moderation selects people at random and asks them their opinions, unfortunately as Signal 11 has shown the average slashdot reader is into demagoguery and dogma, not criticism or conflict.
Frankly if you want to discuss moderation I would suggest visiting the Slashdot Moderation Forum instead of posting offtopic rants to news articles.
Well, I love the idea, but there are some problems. A friend of mine, a very very good friend blow ALL his fingertips of in an accident several years ago and he don't have any fingertips left and I don't think he is alone, so whay should he do if fingerprints become the only solution? Fingerprints IS a great and easy way to identify people if they have fingers, but do the people behind theese devices think about a solution for people who can't use fingerprint devices? Magne
Rob lets you create your own discussion forum? Yes. Does the sid=moderation forum cost you any money? No. Is Rob providing you with your very own forum out of the kindness of his heart? Yes. Does he complain to you about the waist of hard drive space on his server? No.
Pardon me if this sounds to blunt, but you're ungratefull and rude.
You piss on someone elses carpet and then complain about the color of the stain? If you don't like it get the source and build your own.
I still fail to see how anyone is interfering or sensoring your comments.
___
Talk about security.... Wanna meet someone? make sure their prints check out. Pretty interesting gadget..... If sony's their REAL name.
-----
Score 3? For what? Being wrong, at length? - smirkleton
Why would a scratch be a problem in this case. I used the Veridicom sensor before with the LBV Server backoffice product, and you can specify more than one finger to make sure you can enter even if you hurt your primary finger. (But a small scratch didn't reject me trying to access the building.)
StarTrek.org Free Webmail
Damn, people, just because you lose your finger should this painful experience become even worth after you realize that all your passwords just invalidated and you can not open your email or your bank account information from the web? There are more advanced solutions for physically secured systems such as biometrics http://www.dmoz.org/Computers/Se curity/Biometrics/ - check this out.
My favorite biometric is retinal scan: http://biometric-consulting.com/bio.htm its accuracy is 1:10,000,000. Finger print accuracy is only 1:500
I just don't think Fingerprints are good enough for computer security, plus I don't like anyone touching my hardware with their greesy fingers!
You can't handle the truth.
you can always sell hardware.
--
+&x
If we're going to use some sort of physical token I much prefer something clean like the Swatch Access than a messy, oily fingerprint that might not work if you scratch yourself while gardening.
Desktop biometric scanners that transmit the biometric through an insecure network to a server for verification are a fraud and security through obscurity (don't laugh, people actually do this kind of thing). This device, while not perfect, looks like it can offer some real security because it performs the verification internally.
A quote from the article you are linking to:
"Biometrics are powerful and useful, but they are not keys. They are useful in situations where there is a trusted path from the reader to the verifier."
In this case there is a trusted path from the reader to the verifier because they are both inside the same tamper-resistant pacakge (no, not tamper-proof, there is no such thing).
"Trusted" is always a relative term and depends on the resources available to your opponent. If your opponent is a foreign government then even secure (breakable) hardware and (bribable, killable) guards may not be enough.
I don't know how many casual attackers have access to a focused ion beam workstation and the knowledge required to operate it and try to crack a multilayer tamper-resistant chip. See this article for more information about the techniques used to crack smartcards. Remember that this device is thicker and more expensive than a smartcard and could theoretically provide much better tamper resistance.
Correctly applied biometrics can let you have some security even when facing intentional misuse. I'd rather have access to my medical information protected by this kind of biometric token rather than a password that will end up on a post-it note on the secretary's monitor or a smartcard that will be "shared" because it is not tied to a specific person. Experience has shown that most people will bypass security in every imaginable way. Biometrics can help enfore an organization's security policy under these conditions.
Personally, I will stick to my passphrases (6 words, at least 2 of them not in any dictionary...)
----
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
It isn't yet widely used, though, and does lack some features necessary for it to be truly a filtering system, rather than just ordering. Time will tell. :-)
--
There is no K5 cabal.
I am not the real rusty.
I see two problems with that:
1) Everyone has their own. Geeks like us come along and buy two: A control and a subject. In no time a few people understand exactly how they work and how the data is stored - and with the public and private keys on each one, well there's nothing secret.
2) Someone steals your scanner which not only has your public key, but your private key as well, and you've lost your copy altogether.
Nu?
OFTC: By the community, for the community
However, what concerns me is whether or not this type of thing will be actually allowed for use by the U.S. government. Since everyone has his or her own unique fingerprint -- after all, the police use fingerprints to identify suspects -- that means there must be a lot of different factors and variables that go into a fingerprint. Doesn't that mean that a fingerprint has too many "bits" of information and couldn't be uploaded under current export restrictions?
It's sad to see the United States government is holding back technological progress by attempting to impose its own short-sighted laws on the rest of the world. I'd love to have a personal fingerprint scanner -- how about you, Bob Dole?
Yu Suzuki
Yu Suzuki
Deamcast. It's thinking.