Slashdot Mirror
Mouse That Scans Your Fingerprints
Pac writes: "The U-Match mouse has an embedded fingerprint scanning device. It is currently available only for Windows 9x/NT, but Biolink says it will have a Unix\Linux version by the end of the year and a Mac version in the beginning of 2001." I've been eyeballing finger scanners since I saw a nifty one that worked through PAM at a tradeshow one time: I still think it'd be very convenient if it worked, but I'm very skeptical that something like this could gain widespread acceptance.
First off, it's optical recognition. Pretty much means that "rubber finger" is quite likely to work. (Compaq's optical scanner was recently spoofed using a flashlight. The print was already on the glass, so the flashlight just fooled it into taking the image on the glass)
Secondly, How often do you replace your mouse? Mine last about 1.5 years.
The best quality is that the hardware captures the minutae. Fairly advanced, IMHO (If, in fact the hardware does actually do this.)
Probably the best finger scanning technology is (ahem, plug) by ethentica. We use a plastic with embeded phosphors over a glass CCD. (Abour 1/16" thick.. 500 DPI) The scan can only be induced by having a live finger because of the electrical properties we use to detect a finger. Also, there is no glass to clean regularly. The plastic is cheap, and lasts for millions of scans. And it's the smallest of all.
Pan
I said no... but I missed and it came out yes.
--
How come all these computer vendors are designing parts we do NOT need? I mean, I know how cool fingerprint scanning is -- we've been exposed to it our entire lives, in movies and such. But there's no substitute for a good password. To me, fingerprint scanning is just a Bad Idea.
Here's why: It'll create a black market for fingers.
Think about it! If you want access to someone's financial history, personal information, bank accounts, complete LIFE, all you need to do is chop off a finger or two! Don't think criminals wouldn't be able to go through with this -- it's very easy to see an organized crime syndicate pop up that specializes in fingers, eyeballs, even larynx's if we go as far as to implement widespread voice recognition as a way of identification.
We already have password sniffers -- that's bad enough, but at least it's intellectual theft. We don't need theft of body parts to accomplish the same goals.
Thank you.
Why would I want one of these?
At home, to prevent unauthorized access? If you're that worried about the wife or kids finding your porn collection, encrypt it.
At work, to prevent unauthorized access? If you're the sysadmin, this might be a good security measure for your terminal, but do you really want to make things that much harder for Joe Temp to work at whatever desk is available?
What I really see it being used for is tracking users, in a way which can provide legally binding evidence.
Why does everyone mention ATM security as a good reason for top security. Its not my money... its the banks money if it gets ripped off and I'm not going to use a system that I can't instruct another person to use on my behalf.
What I want is decent security for my front door so I don't have to hold a collection of nice 1960's pickable keys and no real authentication. I basicly want my front to be unlocked for me and locked for everyone else.
I've used a competeing device (sajin?) for a bit on a Win NT box. It was a pain to use since it added even longer to the three finger salute login. It worked ok in the house were several people used a common computer but if you knew someone elses password, you could still get in. The worst part about it is that the mouse had two buttons and no wheel so its not even in the realm of being a real mouse.
I found that the "finger print scanner" program could be fooled into to taking a picture of what was already on the glass and with the right combination of red and IR I expect you could build a keychain sized device to trip these things up.
No thinks, I'll use real security.
Sorry CmdrTaco, I just had to chime-in on this one!
Others have already commented on the possible privacy implications here. And I agree with them. I remember it said that our Social Security #'s were never meant to be used as I.D. except for the purposes, and business of maintaining one's SS account. Now it's used by everyone and everything as an additional ID.
Next we'll have retinal-scans, blood samples, skin-samples and what-ever-else, where users will gleefully participate in. With such data one's general health, use of illegal drugs, etc. will be used by law-enforcement, insurance companies, pharmaceutical companies, and others to "better serve the needs of the public" ( read into this as you wish ).
So I'm paranoid. But I'm also an old fart that has seen ALOT in my years.
Guyote was here.....
Okay, so, my password is permanently attached to my body and I can't change it, but anyone can use a password-equivalent hash to falsify my identity/authorization?
greeeeaat...
DNA just wants to be free...
If you want fingerprint identification for Linux right now, check out American BioMetrics and their BioMouse (around $100). Although they don't ship Linux drivers, there are drivers available from MUSCLE on this page.
---
Having written POS software to read those strips, the record goes something like this:
ID#
FIRST NAME
MIDDLE INITIAL
LAST NAME
WEIGHT
HEIGHT (in inches I think?)
EYECOLOR (lookup.. don't remember the records)
But there is some "trash" as the end of the record. Actually,quite a bit. (I had previously thought it was a hash of the data)
It is quite possible to store your fingerprints on the card as well (Cards typically hold about 1-4Kb).
Using minutae-extraction can give you a "starmap" of x,y,theta values. Most people have about 20-30 useful points. (400 bytes is the industry average)
Nobody expects the spanish inquisition!
Pan
I said no... but I missed and it came out yes.
Here in Geneva, Switzerland, there's been such mice for sale at the computer floor of a big departmen store. They cost around US $120.
They've been there for months.
.m
-- It's always darker before it goes pitch black.
Before spouting off about how terrible these solutions are and how they present a risk to security, you should read Applied Cryptography (which explains how most of these issues are solved problems) and check to see that the vendors of these products have also read the relavent literature.
-pjf
You didn't read the article did you? That's okay, just read this post, and you'll quickly realize the solution to your pseudo-problem.
Fingerprint?
I won't trust these things until I can use urine.
There would be at least one benefit, I can set a preference oh how low my alcohol level is set before I start buying stuff online.
Imagine walking up to a public terminal with such a mouse. You do some web surfing or check your email. Now the administrator of that system has your fingerprint on file.
When a crime is commited in the area, the FBI subpoenas the fingerprint database to look for the crimanal. Might as well just have a national database of fingerprints of non-criminals.
Or perhaps the administrator of that system simply decides to use your fingerprint to act as you, messing around with your finances.
No, fingerprint scanners should be separate devices that are intentionally activated by the user.
So they're only recording a signature derived from the fingerprint (a one-way hash or such)? That doesn't matter. If the same system is used elsewhere, then the same signature can be used in a replay attack. The signature can be used to trick another system into thinking it just read a fingerprint, when instead, it is just the pre-recorded signature being sent to it.
You can also compare against other fingerprints by generating their signatures.
One of the best parts of the system is that it doesn't actually send a complete fingerprint scan to the computer. Instead, it crunches it down into a 500 byte "template" that can't be used to reconstruct the user's fingerprint. This seems intelligent both from the standpoint of minimizing necessary mouse-computer bandwidth and for their stated objective of protecting privacy. I guess that this is sort of like storing passwords using an MD5 hash.
The only problem I can see is that it seems as though it would be comparatively straightforward to spoof. All you'd need would be a hardware tap on the mouse plug and you could capture the fingerprint template as it's sent to the computer. Then you can log in as anyone else by reversing the transmission and sending their fingerprint template instead of your. Since it uses a standard PS/2 port, this shouldn't be too hard to engineer. I guess that you'll have to use this as a secondary system together with a password.
There's no point in questioning authority if you aren't going to listen to the answers.
This is rare right now, but I suspect that we will see a lot more of this happening. As Linux (and to a lesser extent, BSD[*]) grows, we will see much greater acceptance of Linux as an alternative platform at equal or greater standing relative to the Mac.
It's great that Linux is starting to resemble a mainstream OS choice. But let's remember, Linux and Mac are vastly different markets. In particular, there is a large bias in Linux numbers towards servers, and a desktop bias on the Mac side. These gaps will begin to fill in and we may see more overlap as 1) Mac OS X public beta ships in the next several weeks 2) Linux becomes more desktop-friendly.
But for the time being, it is not surprising that something like, say, an IDE would arrive first on Linux, and then later on the Mac. But conversely, it will be some time before Linux users will get the the full attention of graphics app and page layout developers. Either way, having two viable alternative operating systems is certainly better for everyone, particularly if developers support both equally. It sucks when you're forced to use an OS purely because that application you need to use runs on it.
- Scott
------
Scott Stevenson
Scott Stevenson
Tree House Ideas
I think you are wrong on the count of the need for any company you would have to deal with to know your biometric information, or of the need for a biometric database.
You could just use a smart card to check the biometric information (after some preprocessing by the host, since biometric recognition is likely to be too expensive for smart cards at least in the near future). The card would then sign the transaction.
Smart cards signing transactions when the correct PIN is input have been in use in France for more than ten years.
What this system needs is a challenge-response system like a smart card.
The computer should send a key to the mouse, the mouse hashes the biometric data, then hashes it again with the key. As long as both hashes are one-way, this would ensure that tapping data between the mouse and cpu would be worthless.
Kevin Fox
Kevin Fox
AFAIK, all fingerprint verifiers use a reduced set of extracted features for comparison. This is the first one I see that tries to claim it's a privacy feature - it's simply how it works. Give a marketroid a bunch of technical details and he's always find a way to present them as features.
Biometric systems should always assume that the fingerprint, iris scan, etc is not a secret and is known to the attacker. Your password can only be considered secret because you can change it.
To have any meaningful security a biometric system must have a trusted reader and a secure path from the reader to the verifier.
Two examples:
1. The verifier is inside the reader. Your private key is embedded into a tamper-resistant device and a fingerprint is required to perform a private key operation (signing, decryption).
2. The verifier is in a secure remote server, but communication between the reader and the verifier is cryptographically protected. The reader should sign the scan and also use a timestamp or challenge/response system to prevent replay attacks. Each reader would have a separate signing key so they can be revoked, if necessary. Even the best tamper resistance cannot be trusted with a global reader signing key that results in catastrophic failure if it is compromised.
Suggested protocol:
Before being used for the first time the readers are connected to the verification server for initialization. The server generates random keys and sends them to the readers. These keys cannot be read back from the reader, only overwritten.
For authentication, the client first asks the verification server for a challenge. It sends the challenge into the reader which calculates a hash of the biometric scan, reader signing key and the challenge. This hash is sent to the server along with the biometric scan for verification.
The reader key should be kept in battery backed static RAM rather than EEPROM. This makes it easier to self-destruct in case a tampering attempt is detected. To prevent the value from permanently affecting the memory cells via ion migration or similar phenomena it could be cycled continously.
The key database on the server is a single point of failure - but the server is probably the same resource you are trying to protect anyway. It would still be nice to make the key database less vulnerable by using asymmetric cryptography - a key pair is generated during initialization and only the public key is stored on the server.
The Sony fingerprint scanner (also featured on slashdot recently) appears to implement #1. Does anyone know of a system similar to #2?
----
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
--
and I don't mean first post.
Look closely at the text. It says that there will be a Unix/Linux version at the end of the year, but the mac version will not come into 2001.
This is rare right now, but I suspect that we will see a lot more of this happening. As Linux (and to a lesser extent, BSD[*]) grows, we will see much greater acceptance of Linux as an alternative platform at equal or greater standing relative to the Mac.
[*] Nothing against the technical merits of BSD; they just have a smaller marketshare at the moment, thus having a lesser affect as an alternative OS.
Friends don't let friends misuse the subjunctive.
So, is the fingerprint really not captured? I would guess the mouse is a dumb scanner that send the entire fingerprint to the computer, and it's simply their software running on the computer that generates the 500-byte "minutia file" from it. The web page isn't precise on the matter.
Think about it. Why embed a processor to do that work when they could use the one already installed on the other side of the port?
would have a magnetic resonance scanner for your head.
This is the only biometric that everyone has.
Some people don't have fingerprints, some people have skin conditions that prevent hand scanners and face recognition from working, some people don't have eyes (so no retina or iris scanners), some people are mute (no voice print), but everyone has a head.
Also, a dead head will not work, and this sort of scanner may even be able to detect emotional distress.
--
The real Webmaven is user ID 27463. I don't rate an imposter, because my ID is such a lame-ass high number.
I work for a lab which does biometric research for sony and the company who microsoft recently licensced fingerprint technology from (I can't recall their name right!)... This thing is bunk :) Theres no way their false accept number is as high as 10^9, reasonable error rates are around 10^3, which is of course scary to rely on as a security device. Why? Because your fingers usually have enough dirt in them to screw up the image even when they LOOK clean, the finger plate collects grease, and most finger scanners have a sweet spot due to the small size of their CCDs. I think anytime you rely on one identification modality, your asking for trouble.
Free Techno/Jazz/DNB/MI Music by guys obsessed with monkeys!
What does it say that a Unix/Linux version is coming out before a Mac version?? I mean, Macolytes are used to being second-class citizens, but third class? The Mac population is pretty puny, but I don't think it's smaller than the Linux population that would use this.
Maybe they are aiming this also at the server market.
--
Sometimes it's best to just let stupid people be stupid.
Think about it. Why embed a processor to do that work when they could use the one already installed on the other side of the port?
Because they already have a processor in the mouse anyhow, to drive the scanner and otherwise process mouse movement. (High-power processor cores are cheap, and when you already have one for some other reason they're free.)
Because they're concerned about privacy issues, and don't want a raw fingerprint on the wire.
Because they want to compress the data before it hits the wire.
Because they want to be compatable across many platforms without dumping a lot of code into the driver where it might need tweaking - or they don't want to expose their compression/signature algorithm in an open-source or hackable driver.
Mind you, I'm not saying they DO compress the fingerprint in the mouse. I'm just providing reasons why they might chose to do so.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
So, if I need to log in for some really important reason (e.g. I want to log back in before the rm -rf / does too much more damage), your system will detect that, and prevent me from logging in?
DNA just wants to be free...