Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux and Biometrics?

Posted by Cliff on from the third-time's-the-charm dept.

OctaneZ asks: "While this topic has been brought up Twice Before, once in May 1999 and again in October 2000, yet another year has gone by with very little discusion, at least that I have seen in the field of UNIX and biometric scurity. There are now projects like the BioAPI Consortium. But very little has actually come of it. Is anyone out there using biometrics for UNIX security? Or security period? Any advice on implementations? Anyone with experience, give us the heads up: What works and what doesn't?"

9 comments

  1. Progression by mar1no · · Score: 0

    Although now they aren't widely used or integrated into security measures, throughout the progression of this decade, you'll notice a growing increase in biometrics used as security clearance. Take a look at guns, more and more law enforcement agencies are now using fingerprint activated safety switches.

    --
    "you sonofabitch i didn't know!"
  2. A little OT, but I've got to say it ... by Daniel+Dvorkin · · Score: 3, Informative

    I really hate how the meaning of the word "biometrics" has been narrowed in popular usage to mean, "Face scanning for security purposes." It used to be used to refer to anything having to do with biological measurement, including biostatistics, medical sensing, etc. -- e.g., check out the UCHSC Biometrics graduate program. But from now on, everyone will only think of it as referring to Big Brother.

    --
    The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
  3. Biometrics == bad idea by polymath69 · · Score: 0, Troll
    Biometrics for security authentication is basically a flawed idea. This is why.

    Imagine a biometrically-secure system, where the files you can access are encrypted until you log in by verifying whatever you like (left thumbprint, left retina-print, etc.) Now imagine that you, a user or administrator of this system, lose your key thumb or lose your left eye in a freak pizza accident.

    One of two things happens. Either you forever lose all your access to that data and system, or ... someone can edit the authorization protocols and let you back in. That, my friend, is known as a back door. A system that has one can't be considered secure anyway.

    And you can't say that you can just go to the administrator to change your authentication. If you own the system, and you lose your eye, you've lost your root password and are forever SOL. Or, as I said, you have another way in, and so the biometric authentication was a sham anyway.

    Biometric authentication for computer login authentication is a bad idea. It does have its applications (physical site security, for example) but it's a bad idea to bolt it on over a computer operating system, and expect security to result.

    --

    --
    I don't want to rule the world... I just want to be in charge of mayonnaise.
    1. Re:Biometrics == bad idea by jeffy124 · · Score: 2, Insightful

      solution - program in multiple metrics, like multiple fingers from each hand, both retinas, etc. Granted, someone can still have a freak accident and lose access, but the types of systems that require that type of authentication generally have multiple administrators. But what if they're all out to lunch and something happens to them? Then have someone from off-site in case of such a scenario. Doesnt even have to be an employee of that company, could be a local priest if all you need is a backup metric for someone to use. Chances of something happening to everyone are incredibly small at this point.

      --
      The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    2. Re:Biometrics == bad idea by _Neurotic · · Score: 2, Insightful

      Having considered some biometric login applications in the past (yet to implement) I can say that at least in my environment, the driving force behind biometrics is not to make a system more secure but instead to make it easier to use.

      Allowing thousands of users to login with a fingerprint could theoretically make life much easier for the end users as well front line client support, especially if a form of single signon is implemented alongside the biometrics.

      Justin McMichael

    3. Re:Biometrics == bad idea by jsled · · Score: 2, Insightful

      That's not a "back door" [in most applications], it's just 'superuser' access.

      Contrast this to a *nix box ... Alice has security from her password -- correctly used -- inasmuch as that Mallory can't just waltz into the account. But just because if Alice forgets her password and the superuser changes it to something that Alice now knows [after credential checking and with a audit trail, perhaps], I don't think you can consider that less security. In fact, having that option will prevent Alice from doing silly things -- like writing the uber-important-I-can't-ever-forget-this-password on a sticky note and leaving it on her monitor.

      As another comment suggests, a good method around this is the use of multiple biometrics ... a "strong" check against one [perhaps in conjunction with producting coroborating credentials] should allow a super-user to modify the user record. Under appropriate controls, this still provides security.

      Security comes from the application of the technology to the problem, and in the context of the system... It may be perfectly acceptable to have superuser access available to those who provide any two sides of the authentication triangle, if they can be trusted to safely deal with all sides [tokens, passwords and biometrics].

    4. Re:Biometrics == bad idea by spikedvodka · · Score: 1

      I think, that if something happens to *everyone*(read, your admins), that you have bigger problems than making sure that people can still get access to the system

      --
      I will not give in to the terrorists. I will not become fearful.
  4. Some work done by moyix · · Score: 1

    I've been doing a little bit of work in this area--it seems that the VisMod group at MIT released a simple face recognition system about 10 years ago. It uses the eigenface method, which is generally considered the standard (though there have been other models proposed).

    I've ported the code to Linux and BSD, and it works all right, though it takes a lot of configuring, and uses a strange format for the images. I'll get around to making a HOWTO at some point, but until then, if anyone wants to play around with the program, they can grab the source for Linux and BSD.

    Since these are open source, and the method is fairly easy to understand (there are docs all around about it), I hope that some OSS programmers will take some time to improve on this.