Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Biometrics Site Opens Doors

Posted by Zonk on from the scanning dept.

flickerfly writes "A new site to unite the individuals interested in Linux and Biometrics has opened its doors. LinuxBiometrics.com's purpose is to fill the biometrics void in the Open Source community. With the increased adoption of Linux in europe and the recent increase in biometrics interest by the EU, this appears to be a field ready to blossom into heavy adoption and will be in need of OSS support."

14 of 117 comments (clear)

  1. Confused by Anonymous Coward · · Score: 3, Funny

    Linux = good
    biometrics = bad
    Linux + biometrics = ?

    1. Re:Confused by mboverload · · Score: 4, Interesting
      Once you lose your fingerprint to theives you are screwed for the rest of your live.

      You can't change your fingerprint or your biometrics, which is why they are a stupid idea. Once they come up with a way to even imitate retnas the whole security system that was based around biometrics will be SCREWED.

  2. It's a matter of trust and privacy by kebes · · Score: 5, Interesting

    Open source biometrics shouldn't just be for those wacky Europeans who like OSS. Important security issues like biometrics should be engineered in an transparent fashion. This is necessary so that the citizens can be assured that their privacy is not being infringed, and that their security is being maintained.

    Closed formats and security through obscurity have well documented shortcomings. For important government and security applications (voting machines, encryption, etc.) it seems like an open standard and open software is a much better way to ensure reliability, stability, fairness, and so forth. After all, security is pointless without trust... and I would argue that trust in a system is enhanced by it being open.

  3. Be careful with biometrics! by tquinlan · · Score: 4, Interesting

    All Linux biometrics should look for HEAT in addition to regular biometrics (ie, fingerprint), so that something like this doesn't happen:

    http://news.bbc.co.uk/1/hi/world/asia-pacific/43 96 831.stm

    A cold finger shouldn't be usable, and that will keep them all attached!

    --
    DBA? Software Engineer? My company is hiring! Click
    1. Re:Be careful with biometrics! by TripMaster+Monkey · · Score: 3, Informative

      A cold finger shouldn't be usable, and that will keep them all attached!
      So the bad guys will keep it in a thermos full of hot water until it needs to be used. Problem solved.

      Seriously, though, the point that most people seem to be missing here is that your biometric identification information (fingerprint, retinal scan, iris scan, etc.) has to be stored somewhere. If it's stored somewhere, it can conceivably be accessed and altered illicitly, allowing acces to unauthorized parties. I believe most attackers will choose this method over the 'garden shears' option.

      --
      ____

      ~ |rip/\/\aster /\/\onkey

    2. Re:Be careful with biometrics! by kebes · · Score: 5, Interesting

      This is one of the problems with biometrics. I would rather someone steal my bank card and demand to know my PIN, rather than having them cut off my hand or cut out my eye.

      For every countermeasure there is a counter-countermeasure. If heat sensors are included, thieves will just use a lighter (or whatever) to warm a finger before using it. I've often thought that retinal scanners should check to see if blood is actually flowing in the veins/arteries in the retina, but this is not (currently) feasible I think. If this countermeasure existed, then no doubt someone would figure out a way to beat it (artificially flowing liquid through a detached eye sounds complicated, but you could probably fool the sensor by casting moving shadows on the back of a detached eye, thereby simulating the proper pulsating effect of veins...). I've also thought that eye-scanners that use the iris pattern instead of retinal pattern could emit a flash of light and monitor the rate at which the pupil contracts. This would be proof that the eye is alive (since it reacts) and could even perhaps guard against people being drugged or stressed. Again, however, I worry that someone would overcome it.

      The exact form of the criminal's counter-countermeasure of course depends on how the device works, but eventually they'll figure out how to beat it. Now, a technological escalation on cracking encryption or snooping network traffic is one thing... but when it comes to biometrics, it puts peoples lives in danger. So perhaps we should rethink this whole biometric thing. Is my car or bank account really worth so much that I'm willing to endanger my hand or eye???

    3. Re:Be careful with biometrics! by HermanAB · · Score: 5, Interesting

      So, what about cold countries. I once walked into the bank and could not sign my name - my hands were too cold. So, they just laughed and carried on without a signature.

      --
      Oh well, what the hell...
  4. Exploring linux/biometrics in 2000... by Anonymous Coward · · Score: 3, Interesting

    ... and trying to locate a PAM implementation was ridiculous. The vendors had locked into MS, and completely ignored the huge Solaris/Unix situation; government for example. When visiting with the Biometrics people in several research institutions, they gave me a dumb look when I asked about open source of a PAM, and it was all about Windows. Duh. Sun was extremely tight-lipped as they apparently were keeping that market as an opportunity for themselves.

    I did find some odd threads of software activity, such as Univ. of Michigan, but that all seemed to go nowhere or die out; maybe they were all sucked up by the NSA? or the Banking industry?

    I'm sure this site will draw more open interest.

  5. Re:Try: by azmeith · · Score: 4, Interesting

    How can any form of biometric software (os or otherwise) be 'good'?

    The way I see and understand it, it will never be perfect, not because humans are not smart enough to come up with innovative uses of a techonology but simply because the human body which provides the biometric information in the first place is a living, breathing, evolving, ever-changing entity. Moreover I just happen to believe that we as humans, being so error prone, can never come up with a fool proof system, irrespective of what a whole bunch of govt agencies would like us to believe.

    Given all of that what scares me is not the fact that these technologies will be error-prone forever but that there will be no humans around to arbitrate any conflicts/problems in most situations (as is wont to happen when ppl start to take a system for granted). I really wouldnt want to be in a position becase a machine/system/software suddenly decides I am a terrorist because my thumb prints are obscured, because I play too many games using a fucked up pad, and taking 'pre-emptive' action.

    Just because the system will be FOSS and a few million eyes will be watching the arch/code does not mean it will be perfect. And at what point of time do we say - 'Oh crap! this is not going to work.'; when a person dies, two ppl die, two thousand non-first-world ppl die?? And assuming ppl do get tech savvy, and put up monitors (the human kind) we come back to the same old question of who monitors the monitors??

    A simple illustration of the problem is the use of ppl (too many, some would claim) in airports in Israel, India, Malaysia and a bunch of other countries which have problems with violent extremism (I hate the word terrorist - but thats a whole another story) and cant spend 10 mill USD per machine for 10 machines per airport. Their record regarding security breaches is a whole lot better then some of the most advanced western airports with some of the most advanced gizmos. It works simply because of redundancy, training, experience and human judgement, three of which a machine can probably never replicate fully.

    Give me ppl any damn time.
    --
    I'm not dumb. I just have a command of thoroughly useless information. -Bill Watterson

  6. Re:This site looks like spam.. by damiangerous · · Score: 4, Insightful
    No, biometrics doesn't "suck". But it's also not the security panacea it's usually made out to be. Biometrics can be a valuable part of the security "arsenal". One good use for it is a verification where the main breach won't come from malicious access but rather laziness.

    For example, a friend of mine is a pharmacist. The pharmacy technicians do most of the putting of pills in bottles, but everything has to be reviewed and signed off on by a pharmacist before it's released. The pharmacist verifies the finished prescription, uses his thumbprint to indicate he approves it, and a label is printed. With a password system it's far too easy for anyone to print out the approval label, and that's what would happen. Not out of maliciousness, but simply out of convenience.

  7. Biometrics are more trouble than they're worth. by LokieLizzy · · Score: 4, Interesting
    The risk of losing an eye or a limb to a hardened criminal determined to access my personal information far outweighs whatever security such a system might offer. If such a person attacked you in the middle of the night, which would you rather do? Give them your PIN and wallet full of cash and credit cards, or try to find a way out of the situation when they realize that the only way they're going to get your company secrets/bank account is if they lop off your index finger or scoop out your eye with a knife?

    If you'd choose door number two, then you're a far stranger man than I'll ever be.

    If you're working in a business where you absolutely need the best security for whatever you're doing, then you'd better be prepared to pay top-dollar for loyal bodyguards willing to use lethal force to keep you alive.

    --
    My digital rights don't need management.
  8. Re:This site looks like spam.. by Bastian · · Score: 4, Interesting

    You don't need to cut off a person's finger to get their fingerprint, nor do you need to cut out their eyes to have a model for what their retinas look like. In fact, both those plans would be inadvisable since a good biometrics system (which is what you'd be encountering anywhere you're willing to horribly mutilate or kill someone to get into) will involve sensors designed to tell if what's being scanned is alive.

    The technology to mimic body identifiers will come. A cheap technique for mimicing a person's fingerprint well enough to fool a biometric scanner is already well-established, and will fool heat-sensing scanners, too, since all you need to do is coat your fingertip with some gelatin and then etch it.

    And I would suggest that the "something you have, something you know" system is severely compromised if the "something you have" part is something that can't be voided and replaced. It means that you have to either re-do the entire security system from the ground up to use a different "something you have" whenever someone steals an important "something you have", or you are forced to fire the person who owned that "something you have", or you have to accept that for at least that one person, you no longer have a "something you have, something you know" system.

    If you really need it to be attatched to your body, why not put it in the form of some sort of implant, like the ID chips people put in their pets?

  9. Re:This site looks like spam.. by JimBobJoe · · Score: 3, Insightful

    The pharmacist verifies the finished prescription, uses his thumbprint to indicate he approves it, and a label is printed. With a password system it's far too easy for anyone to print out the approval label, and that's what would happen.

    Essentially...biometrics is useful when security isn't important. (I think that will be the biggest uses of biometrics for years to come...non-security applications...like at my local grocery store where employees use their thumbrpint to sign into a time-clock. It is only loosely a security application, it's more of an application of convenience.)

    In the end, there is no security and privacy tradeoff, the main tradeoff is between privacy and convenience, and security and convenience. Biometrics is very convenient, but it's not very private and it's arguably not secure.

  10. Re:Hand-based biometrics and public health by kebes · · Score: 3, Insightful

    Unless you avoid ever touching a doorknob or hand-rail, I don't see what difference this makes. Common surfaces are everywhere. We all touch them all the time. Sometimes we catch something from a common surface. Adding a palm scanner to the mix doesn't increase the risk of transmission.