Slashdot Mirror


Biometrics: Prepare to be Scanned

npistentis writes "From an article in the Economist: It has been a long time coming. But after years of false starts, security systems based on biometrics--human characteristics such as faces, hand shapes and fingerprints--are finally taking off. Proponents have long argued that because biometrics cannot be forgotten, like a password, or lost or stolen, like a key or an identity card, they are an ideal way to control access to computer networks, airport service-areas and bank vaults. But biometrics have not yet spread beyond such niche markets, for two main reasons. The first is the unease they can inspire among users. Many people would prefer not to have to submit their eyes for scanning in order to withdraw money from a cash dispenser. The second reason is cost: biometric systems are expensive compared with other security measures, such as passwords and personal identification numbers. So while biometrics may provide extra security, the costs currently outweigh the benefits in most cases."

30 of 284 comments

  1. The main problem in my eyes... by matticus · · Score: 5, Insightful

    The main problem in my eyes is the fact that a biometric system turns a fingerprint or retina scan into a string of ones and zeros. If the software is cracked to reveal this string, then the person who belongs to the fingerprint is *permanently* compromised. You can't change fingerprints like you can passwords.

    1. Re:The main problem in my eyes... by Kirill+Lokshin · · Score: 4, Insightful

      The digital form of the biometric is not really meant to be secret. After all, I can get your fingerprint just by setting up my own print scanner at a store.

      The point of the scanner is to tie the binary string to a particular physical object, such as your finger or eye. For instance, suppose that you are visiting store X. If you scan in your finger and the fingerprint matches the one on file, the store is reasonably certain that you are the person who you claim to be.

      Of course, this is vulnerable both to compromises of the scanning hardware, and, more importantly, of the central server that would store the biometric data. If, however, we assume a certain level of trust in someone and have them sign all the fingerprints, and also assume that the scanning device correctly produces a print matching that of the person putting their finger on it, then we can prevent most cases of things like identity theft.

    2. Re:The main problem in my eyes... by glesga_kiss · · Score: 3, Insightful
      But in the "Internet Age", where a store or bank is receiving electronic transactions from all over the globe, how can the store or bank have a "certain level of trust" that the data it is receiving is from a biometric scanner and not just a stolen recording of someone else's data?

      And just take a look at the ATM thread a couple of articles below this to see how ATMs have been compromised. Cracking counter-point devices will be child's play in comparison.

    3. Re:The main problem in my eyes... by Lord+Ender · · Score: 2, Insightful

      That's why fingerprints aren't used with untrusted scanners. You wouldn't scan a fingerprint on your home PC and use it as your slashdot password, because slashdot can't verify that the scanner sending it the data is real. They would be used for physical security, like to get into your hotel room. Even if a crook knows the digital version of your print, the only way he can input that for authentication is by sticking your finger on to the scanner.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.

    4. Re:The main problem in my eyes... by grotgrot · · Score: 4, Insightful

      Other than very closed systems with very good guarantees, there is only one good use for biometrics and that is identification (NOT authentication). Think that instead of typing in your username, you scan something. Stealing that information is about as useful as stealing your username. You still need a separate authentication step. The social security number nonsense is a good example of confusing identity with authentication. There are several companies out there who think that anyone who can recite the last 4 digits of my SSN must be me.

      Would you be happy carrying no id cards, credit cards, library cards, employee cards etc but instead everywhere type in a pin or similar secret?

    5. Re:The main problem in my eyes... by penguin7of9 · · Score: 2, Insightful

      After all, I can get your fingerprint just by setting up my own print scanner at a store.

      Yes, and with a little gelatin, you can then produce something that can be used to fool other fingerprint scanners.

      If you scan in your finger and the fingerprint matches the one on file, the store is reasonably certain that you are the person who you claim to be.

      That just means that someone pressed some object with roughly the right pattern against the scanner.

      Human beings weren't designed to be difficult to forge and they make poor keys as a result. Furthermore, current biometric systems don't even perform a lot of verification on the physical tokens they are presented with.

  2. Is it worth the cost? by Isopropyl · · Score: 5, Insightful
    The trouble is, it is not clear that these identity-verification systems are worth the cost and trouble of introducing them. All 19 of the September 11th hijackers entered the United States using valid visas, on their own passports, for example. Verifying their identities using biometric visas would have made no difference.

    I find it hard to justify the cost of using biometrics, at least in this airport example. The airlines are in decline, the government has just bailed them out with a couple billion, and revenues are still falling. Does the TSA really need to scan my finger before I step onto a plane? Like the quote says, biometrics wouldn't have made a difference on 9/11.

  3. False claim by G3ckoG33k · · Score: 5, Insightful

    The two main reasons being unease and cost?! That is wrong. The simple truth is poor performance. So far, no system has been able to match faces better than 60-80% in real life tests. That is still far too poor to be really useful for police work and other, similar purposes.

    1. Re:False claim by gnu-generation-one · · Score: 3, Insightful

      "Facial recognition is only 1 of the technologies involved in biometrics... To claim that the whole industry has failed to grow because one Type of biometric does not function well is untrue."

      Even if a system were your fabled 5-nines accuracy (1 wrong answer per 100,000 questions) it would still be unsuitable for the applications it's being suggested for. It's almost too easy to remind you that the very best biometrics is about 60% accurate.

      It's not just about biometrics, although their dismal rate of failure, combined with the unattainable promises of their salesmen should be suspicious enough. It's about the statistics of large numbers. If you have a million people per day going through an airport, and a biometric machine with 99.999% accuracy, you've falsely accused 100 people of being terrorists. Every day.

      And, to quote Schneier, it decreases security. Biometrics can be fooled. Easily. Trivially. If you depend on biometrics, then the terrorists will waltz past your scanners undetected, even as the innocent people queue to be strip-searched. Biometrics fail in a predictable way, and anybody who realises that can game the system. Vendors and terrorists alike.

      Of course, it's a rosy future for people who sell such failed systems. Look at "lie detectors" for example. Still in use long after it was proven that you could toss a coin for better accuracy. Does it increase security? No. Does it make people think we're doing something? Yes. Sold!
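The "statistics of large numbers" point made in the post above, worked through as an added example that is not part of the thread: given a checkpoint's daily throughput, the per-person false-match and false-non-match rates, and an assumed fraction of travellers who really are on the watch list, it computes the expected number of innocent people flagged per day and what share of the flagged people are actually listed. The throughput and accuracy figures are the post's; the watch-list prevalence is an assumption.

```python
"""Base-rate arithmetic for a biometric screening checkpoint (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Screening:
    throughput: int            # people screened per day
    false_match_rate: float    # P(innocent person is flagged)
    false_nonmatch_rate: float # P(listed person is missed)
    prevalence: float          # assumed fraction of travellers who are listed

    def expected_false_alarms(self) -> float:
        """Innocent people flagged per day: this is the queue for strip-search."""
        innocents = self.throughput * (1.0 - self.prevalence)
        return innocents * self.false_match_rate

    def expected_true_hits(self) -> float:
        """Listed people correctly flagged per day."""
        targets = self.throughput * self.prevalence
        return targets * (1.0 - self.false_nonmatch_rate)

    def positive_predictive_value(self) -> float:
        """Of everyone flagged, the fraction who really are on the list."""
        hits = self.expected_true_hits()
        alarms = self.expected_false_alarms()
        total = hits + alarms
        return hits / total if total else 0.0


def from_accuracy(throughput: int, accuracy: float, prevalence: float) -> Screening:
    """Treat a single 'accuracy' figure (as vendors quote it) as both error rates."""
    err = 1.0 - accuracy
    return Screening(throughput, err, err, prevalence)


def required_false_match_rate(prevalence: float, target_ppv: float,
                              false_nonmatch_rate: float = 0.0) -> float:
    """False-match rate needed so that a given share of alarms are real.

    Solves hits / (hits + alarms) = target_ppv for the false-match rate.
    """
    hits_per_person = prevalence * (1.0 - false_nonmatch_rate)
    alarms_per_person = hits_per_person * (1.0 - target_ppv) / target_ppv
    return alarms_per_person / (1.0 - prevalence)


if __name__ == "__main__":
    # Constructed scenario: the post's million travellers/day and 99.999% accuracy,
    # with an assumed one genuine watch-list hit per day (prevalence 1e-6).
    checkpoint = from_accuracy(1_000_000, 0.99999, 1e-6)
    print(f"false alarms/day: {checkpoint.expected_false_alarms():.1f}")
    print(f"share of alarms that are real: {checkpoint.positive_predictive_value():.3f}")
    print(f"false-match rate needed for 50% real alarms: "
          f"{required_false_match_rate(1e-6, 0.5, 1e-5):.2e}")
```

Rarer targets push the required false-match rate down in proportion, which is why a rate that sounds excellent per scan still floods a checkpoint with innocent alarms.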

  4. this cannot be rushed by saiha · · Score: 5, Insightful

    Whether you consider this a good thing or not, if and when it is implemented we need to remember that just like any other form of security, the weak link will still be the human factor.

    Even if you have the best biometric system, but it is not monitored for tampering (and its database) regularly, who is to say a malicious person didn't add or change a user's information. And because biometrics are supposed to be so good, who will the people in charge believe, someone saying they are john smith the computer tech, or the computer that reported them as being some criminal?

  5. The third reason... by pwagland · · Score: 3, Insightful
    Actually there is a third reason that many of us are uneasy about biometrics. You can't change them, unlike, for example, passwords or some "secure token" type of device.

    That means, once your identity is compromised, it stays compromised... and there is little to nothing that you can do about it.

    That is why I don't like biometrics...

    1. Re:The third reason... by EinarH · · Score: 2, Insightful

      In other words; when the fake ATM front steals the file with your fingerprint, face shape and retina scan you are fucked.

      --

      Melius mori in libertate quam vivere in servitute.

  6. the most important aspect by 23 · · Score: 2, Insightful
    they point out is IMO that politicians have so much faith in the flakey technology, that they totally disregard the warnings from security experts.

    This of course, next to wasting huge amounts of money, can create a false sense of security or even lower security as in the example they cite: on an airport, if every 10000th passenger is screened for second testing, the odds are high that guards will not be very optimistic about the system and make mistakes, diss the system, etc.

    in the mean time, terrorists travel by sea, land, etc. Even most of 9/11 went by their real names....

  7. Biometrics are bad because.... by rknop · · Score: 4, Insightful

    Because you can change your password a whole lot easier than you can change your DNA.

    The flip side of not being able to lose or forget your biometrics is that you can't change it when it gets stolen. And, yes, people will find ways to spoof biometric authentication schemes into believing that they have your data. Whether it's fake fingerprints, or (more likely) some sort of data hack that sends the computer the right bitstream for a given person's biometric data, once yours is gone, you're just hosed forever.

    If your password or PIN gets stolen, you can make a new password, or get a new ATM card and a new PIN, and cancel the old ones. Once your biometric info is stolen or spoofed, you have the choice of cancelling it and not being able to authenticate anywhere, or just accepting that your identity is stolen and will stay stolen.

    Biometrics are great if *combined* with a password. But by themselves, they're foolish for strong authentication. Just because your fingerprints are on your hand doesn't mean that there isn't a pattern there that could be stolen and stored somewhere by bad actors.

    -Rob

    1. Re:Biometrics are bad because.... by JohnnyCannuk · · Score: 4, Insightful

      While I agree with everything you have said, I must take issue with your contention that most biometrics are hard to fake.

      Subscribe to Cryptogram from Bruce Schneier. Read some of the news, widely disseminated here on Slashdot and other tech sites. Systems like most finger print scanners and facial recognition systems are easy to fool.

      For instance, while there are fingerprint systems that act as you indicate, the vast majority do not. They are the cheap readers in my iPaq or on some smart-card readers or those you can buy at Radio Shack. And since the famous gelatin exploit has the hacker wearing the stolen fingerprint gelatin mold over their own finger, even advanced machines will see 'normal temperature differences and gradients' or 'capillary blood flow' since it is seeing a real finger. These systems are also prohibitively expensive, which means they can only be used for securing VERY sensitive assets. No use spending $10K on a fingerprint scanner to secure my $1k bank account, when this can be demonstrably defeated for about $100 in materials and a few hours of work.

      The same with facial recognition systems. In the news recently, one of the most widely used systems was fooled by a person holding up a picture or wearing a picture over a face like a mask nearly 100% of the time (I don't have the link handy, but I'm sure I read it on Cryptogram and here at \.). Again, while it may be possible to overcome these technical issues, the cost of such a system would restrict it to acting as part of an authentication system for military bases and very large organizations with sensitive data, but not the general public. Most facial recognition systems CAN be fooled by holding up a picture.

      However, if you are correct in your original assumption, that even using these easily foolable systems as one step in the authentication process is a much better way than relying on them alone.

      And using them as part of an authentication system, not as an identification system, as some US airports have tried... There is a vast difference between comparing a person standing at the right distance from the camera or pressing the right digit into the reader with re-tries allowed, and trying to pick a face out of a crowd of unknowns and say "Unknown identified as Osama bin Looben, please arrest"...

      --
      Never by hatred has hatred been appeased, only by kindness - the Buddha

    2. Re:Biometrics are bad because.... by gnu-generation-one · · Score: 2, Insightful

      "Biometrics are bad because you can change your password a whole lot easier than you can change your DNA."

      Biometrics are bad because people believe they're perfectly accurate. Just look at the people who support killing suspects if a biometric test "proves" them guilty. The public at large believe that such systems cannot fail.

      And it just brings us back to the ID card problem. The harder something is to fake, the more valuable a counterfeit one is. So banks "increase" their security by requiring my fingerprint to withdraw money. Whoop-de-doo, now anyone with my beerglass and a jellybean can withdraw money. Or get on my plane flight and ditch it into the whitehouse. And because biometrics are "infallible", nobody will believe those who complain that it failed.

      I count the places I leave resolvable fingerprints, regularly. It's about 30 places per day, and that doesn't include the secure areas at work, or the prints you could get by breaking into my house. 30 per day. And any one of those could give you access to any fingerprint-controlled system where I was a registered user.

      Fingerprints? Try face-recognition. One camera every 15 meters apparently, in London. Plus tourists, and not even counting people deliberately trying to photograph you. Do you really want to trust a system where someone can print out my portrait from my website and hold it up to your biometrics system to gain entry?

    3. Re:Biometrics are bad because.... by Anonymous Coward · · Score: 1, Insightful

      Obviously you are right in most aspects of the story, as anyone in the industry (like you and me it seems) would point out.

      That biometrics are hard to fake is something I do not agree on totally though. Most commercially available (for large scale projects) ID products seem to be easy to circumvent. I would not trust a facial recognition or photo based retina scan one bit for authentication. Let alone finger prints.

      However, most of these problems can be circumvented by easy means. For instance by someone guarding the device against abuse. Holding up a photo or even using a fake fingerprint would be much harder if someone was watching - a lot less work than scanning passports.

      I would currently not use biometrics for fully automated tasks. Not yet anyways.

  8. Re:minority report by rknop · · Score: 5, Insightful

    but realistically, the government would never spend the insane amount of money to install cameras all over the public area of America, especially not high-tech eye-scanning ones.

    Agreed. But don't estimate the money-spending abilities of corporate marketing departments as they attempt to identify and target consumers. (Which, by and large, was what was scanning whatshisname in Minority Report.)

    If you're not happy being paranoid about marketing departments, consider that once the cameras are there, it's real easy for whatever random government organization to use PATRIOT IX to get that data without a warrant, but with a gag order that prevents your being told they got the data.

    -Rob

  9. You cannot change your biometrics. by aepervius · · Score: 3, Insightful

    As it was said over and over here,
    The problem is that if somebody menaces you at gunpoint you can give a password or a PIN and they will go on satisfied. You lose money but after that you can change the PIN or password and that's it.

    With biometric you CANNOT change those data. Meaning once you are compromised this is over. For ever.

    Furthermore criminals aren't exactly known to be sissies who would be repelled by or afraid of, let us say, chopping off a hand or an arm. Or getting an eye out of its socket. Even worse, it was proved that for many systems, with caoutchouc, rubber or a high res photo scan, you can fool some of those systems. And I bet that you could hack your way through if you have physical access, like any password system.

    The only way to go would be a DOUBLE system: password *and* biometric. Biometrics cannot replace the password system with more security. On the contrary, it has too many disadvantages.

    So what is my point? Seeing biometrics as more than an extension of the password system will bring a lot of problems as well as a false sense of security. And a false sense of security is far worse than any weak security.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org

    1. Re:You cannot change your biometrics. by Coventry · · Score: 2, Insightful

      your point about a false sense of security, and the need for multiple layers of security in an authentication scheme is correct, but so much of the rest of your post is incorrect, so I feel the need to interject.

      - a stolen biometric isn't useful except against the same sort of scanning system - as in, the same manufacturer. No standard data format exists.
      - the pin example is a bad one - the thief needs your card as well (as it is the other layer of security in the system). Anyone who gets the biometric data from the thief will have a hard time using it if they also need the new, shiny, replaced bankcard.
      - most biometric systems can tell the difference between dead and living tissue - although this might not stop an ignorant criminal in the first couple of years, it would become common knowledge that the cut-out-the-eye trick doesn't work once some people are behind bars.

      --
      man is machine

  10. Biometric passphrases by Anonymous Coward · · Score: 5, Insightful

    That article was more or less product placement. Biometric passwords, while looking very cool in sci-fi flicks, have the following misfeatures:

    1. The "password" can't be changed. If compromised, it's compromised for life.
    2. You only have two thumbs and two eyes, and then you have to re-use your "passwords". Do you want your employer to have access to your bank account? Would your current employer want your last employer to have your access code to their building?
    3. They are not secret. Especially so with thumbprints: every time you grab a glass or a doorknob you leave your "password" written all over it.

    I would say these are the real reasons no one else than gadgeteer type bosses would ever consider using biometric passphrases.

  11. Can't be stolen? Are they on crack? by raxxerax · · Score: 5, Insightful

    How long until someone sets up a phony ATM to capture retinal patterns? And unlike passwords, your retinal pattern is not something you can change as needed.

    Don't get me wrong, biometrics has its place but that place is part of a multi-factor security system. I predict that we will eventually see ATMs that require a card, password and biometrics. Three factors: something you have, something you know and something you are.

    Biometrics by itself is useless for security.

  12. Re:Fingers by iabervon · · Score: 2, Insightful

    Actually, people can steal your finger with a piece of tape and a bit of rubber. So far as I know, nobody's made a biometric system that actually manages to determine that what it's examining is actually flesh and blood, rather than a thin layer of some other material with somebody else's fingerprints on it (or something even less sophisticated).

  13. If the data is stolen, get an eye transplant? by Scot+W.+Stevenson · · Score: 2, Insightful
    As Bruce Schneier pointed out in his book Secrets and Lies (which you should have read before turning on your computer for the first time), "biometric" data has to be stored in digital form. Now, if somebody steals that digital data, what are you going to do? He now has the digital equivalent of your retina-picture, so you are going to need new eyes...

    If you haven't read this book, rush out and do so now. It explains a lot of things very clearly, though it does make you sick to your stomach when you hear the politicos talk...

  14. what if you lose a finger? by fermion · · Score: 2, Insightful
    This is just scare tactics. The other day I heard an ad for a jewelry shop and one of the main benefits cited for shopping at this shop was that you would be less likely to get mugged. I find decisions based on fear are unreliable.

    Proponents have long argued that because biometrics cannot be forgotten, like a password, or lost or stolen, like a key or an identity card, they are an ideal way to control access

    From what I have read and understood about security, it is inherently insecure to rely on a single form of validation. In general, for a secure system like an ATM, one should require a token and a secret, or perhaps two tokens. So on tv you see the secret agents required to swipe a card, and speak a code word. This uses biometrics as the second token. The advantage to biometrics, therefore, is that one could go to an ATM and use a fingerprint and card to access the account, thus saving the PIN.

    The disadvantage I have read the most is that once you lose control of the biometric, say your voice, or fingerprint, or whatever, security is forever compromised. You can't call your bank and ask for a new fingerprint.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black

  15. A password I can't change? by Ossifer · · Score: 4, Insightful

    That is effectively what biometric security is. Consider then that the entire network must be physically secure or my (eye/finger/etc.) "password" will quickly be known and re-used. The "password" I used decades ago is still valid!
    Also, I'd rather give a mugger my wallet & pin, than my wallet & thumb...

  16. Re:body part security by bersl2 · · Score: 3, Insightful

    Having said all this, voice print ID avoids many of these pitfalls. It seems the most promising since no one can physically force you to speak your password, and if you die the data remains protected.

    What about when one has a cold? or laryngitis? How does one then get normal access? The good thing about passwords and PIN numbers is that nothing prevents me from gaining my access. If I lose both of my arms, I can still type a password with my toes. Hell, if I lose my legs, I can type (alphanumerically) with my nose! I might look like the Black Knight, but I could still get to my pr0n collection (which, in retrospect, would be a bad idea).

  17. biometrics is a joke by ShadowRage · · Score: 3, Insightful

    the key thing is.. to remember your password... because people cant steal your knowledge.. depending on how strong your will power is.. however.. they can steal your body parts.
    and your fingerprints CAN be duplicated.
    so biometrics is an expensive technology with too many vulnerabilities
    now.. for the common home user, who wants it for the hell of it... or medium level security.. yeah...
    but for bank vaults, and other things.. murder would be on the rise.. and theft would be more successful.

  18. Common misconception by Coventry · · Score: 5, Insightful

    Your idea has problems for several reasons:

    - biometric data is not stored as a simple image. It's not stored as a compressed image, or a md5 of the image. It is most often stored as a series of one-way hash values, each of which is derived from some characteristic inherent in the scan. Someone could steal this data, but creating the original image is near impossible, like breaking a 100 kilobyte rsa key.
    - biometric data is stored in a different format by every manufacturer. There is no standard - heck, they can barely get a standard API for how to interface with the hardware and drivers (www.bioapi.org), let alone agree on a standard format. Thus, if visa were to start using scanners, and your fingerprint scan were stolen, only visa systems would be affected.
    - most authentication systems (other than the implied example of logging onto a computer) use multiple pieces of information, usually two or more of the following types:
      - something remembered (a password or pin)
      - something kept (a security card, a credit card)
      - something intrinsic (a biometric)

    Now, how useful is that fingerprint scan if the visa card it's associated with is not in the thief's hands? How useful is it if you cancel your card and get a new one?

    - if someone did manage to steal an image of your fingerprint or retina, it won't do much good: systems these days are able to tell the difference between a dead/living finger, a photo, and even a plastic mold (many systems look for temperature of what is scanned, and can even look for capillary blood flow).

    - if someone gets access to a computer system where they can use the information stolen and bypass the scanning device, well, you have much bigger problems: such a breakin would probably compromise things to the point where they can simulate a positive authentication from the driver/hardware, for any user.

    - (this one only applies to fingerprints): you have ten fingers, use a different one. For eyes, switch eyes.

    Having said all of that, please realize that biometrics are intended to enhance security by adding another layer to the authentication systems in place, not to replace them. A bankcard+pin+fingerprint is more secure than a bankcard+pin.

    Anytime you hear/read the mass media promoting the death of passwords via biometrics, realize that either A) the reporter doesn't get it or B) they have talked to a marketing person at one of the manufacturers who is (most likely in my experience) pandering to the media in an attempt to grow the market and get sales, despite the falsehoods involved.

    By the same token, anyone who tells you a password by itself is secure, is also wrong.

    --
    man is machine

  19. Biometric passports -- old news by Christian · · Score: 2, Insightful

    The article talks about implementing passports incorporating biometric data.

    THIS IS TRUE OF EVERY SINGLE PASSPORT TODAY!

    Every passport contains a photo of the person to whom it belongs. This photo is (supposedly) certified by the government who issues the passport. Incorporating additional biometric data won't make it more secure, it just increases the cost.

    Why don't these people actually get someone who knows something about security to check these ideas over before they get turned into laws?