Slashdot Mirror


Vein Patterns to Verify Identity

JonN writes "Fujitsu Ltd. will start selling a biometric security device next month that relies on vein patterns in the hand to verify a user's identity, it said today. The palm-vein detector contains a camera that takes a picture of the palm of a user's hand. The image is then matched against a database as a means of verification. The camera works in the near-infrared range so veins present under the skin are visible, and a proprietary algorithm is used to help confirm identity. The system takes into account identifying features such as the number of veins, their position and the points at which they cross."

28 of 293 comments

  1. Anybody else see "Demolition Man"? by nokilli · · Score: 5, Insightful

    Biometrics sounds great, right up until the point you run into the desperate dude who is willing to take out your eyeball -- or in this case remove your hand -- just to be able to access whatever it is that is being protected by biometrics.

    So who is this really good for?

    Wouldn't you rather give up the memorized password rather than your eye or your hand?

    But then, how does your employer look at this?

    He doesn't give a shit about your body. He just wants to protect corporate assets. From his point-of-view, it is statistically less likely that he'll lose such assets were biometrics used over passwords.

    Just remember that when next you go to ask for the raise, and your boss is making you authenticate to the company's grid using biometrics.

    1. Re:Anybody else see "Demolition Man"? by QuantumG · · Score: 2, Insightful

      Or they just force your ass over to the scanner with a gun to your head, Solid Snake style.

      --
      How we know is more important than what we know.
    2. Re:Anybody else see "Demolition Man"? by h4rm0ny · · Score: 2, Insightful


      they can do that with a password, or keys, or almost anything else.

      With a password you can have emergency passwords that trigger an alert. Maybe they don't grant you access. Maybe they grant you access but there's an alarm going off in an office somewhere.

      Harder to do with biometrics. Hmmm. Left hand good, right hand bad.

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
    3. Re:Anybody else see "Demolition Man"? by KronicD · · Score: 5, Insightful

      Your comment is valid and raises the point that biometrics should be used as part of a three factor identification system.

      1) Something you know (password/login)
      2) Something you have (token, keycard, secureid, proxy card etc)
      3) Something you are (biometric)

      This allows for duress passwords as well as the use of biometrics to increase the strength of an authentication system, rather than replace it completely.

      --
      "Those who would give up Essential Liberty, to purchase a little Temporary Safety, deserve neither Liberty nor Safety"
    4. Re:Anybody else see "Demolition Man"? by securitas · · Score: 2, Insightful


      > Biometrics sounds great, right up until the point you run into the desperate dude who is willing to take out your eyeball -- or in this case remove your hand...

      The cut-off-the-hand-to-defeat-a-biometric-scanner approach is a typical Hollywood interpretation of a clever way to compromise biometrics.

      Biometric systems that are worth using to protect assets of any value test for what is called "liveness" to make sure that someone's hand (or body part of choice) hasn't been severed to bypass the system. That's not to say that biometric systems can't be attacked or circumvented, but anyone who relies exclusively on a scanner to provide security for valuable assets is just asking for a breach.

      Multiple-factor authentication that includes a biometric component is a much more likely implementation as a security measure than a biometric system alone. That significantly reduces the chances of a security breach even if the biometric component is compromised.

    5. Re:Anybody else see "Demolition Man"? by QuantumG · · Score: 3, Insightful

      That's the point, they can't prove there is anything else on the harddrive but neither can you so it's in their interests to beat you indefinitely.

      --
      How we know is more important than what we know.
    6. Re:Anybody else see "Demolition Man"? by Xiaran · · Score: 3, Insightful

      One other thing that can be bad about biometric-only interfaces that is rarely discussed is that they don't allow for what are called in the industry duress codes. Say for example you are a security guard that has a gun pointed at your head and you're being forced to give access to someone.

      If you have a password/PIN then most security panels allow for a dual PIN and duress code for a user. The regular PIN just opens the door. The duress PIN will open the door and trigger a silent alarm. No one gets hurt, bad guys are happy but the good guys are on the way.
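
The dual-PIN behaviour described in this comment, as an added example that is not part of the original post: both PINs open the door, and only the duress PIN raises a silent alarm. The `Panel` class, the user name and the PINs are constructed for illustration, and PBKDF2 is this example's own choice for storing the PINs.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # assumption: work factor chosen for the example


def _hash_pin(pin: str, salt: bytes) -> bytes:
    """Store PINs as salted PBKDF2 hashes, never in the clear."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class UserRecord:
    salt: bytes
    pin_hash: bytes
    duress_hash: bytes


@dataclass
class Panel:
    users: dict = field(default_factory=dict)
    # Visible only to the monitoring station, never shown at the door.
    silent_alarms: list = field(default_factory=list)

    def enroll(self, user: str, pin: str, duress_pin: str) -> None:
        if pin == duress_pin:
            raise ValueError("duress PIN must differ from the regular PIN")
        salt = secrets.token_bytes(16)
        self.users[user] = UserRecord(
            salt, _hash_pin(pin, salt), _hash_pin(duress_pin, salt)
        )

    def enter_pin(self, user: str, pin: str) -> str:
        rec = self.users.get(user)
        if rec is None:
            return "DENIED"
        candidate = _hash_pin(pin, rec.salt)
        # Evaluate both comparisons every time so the door-side behaviour
        # and timing are the same for the regular and the duress PIN.
        is_regular = hmac.compare_digest(candidate, rec.pin_hash)
        is_duress = hmac.compare_digest(candidate, rec.duress_hash)
        if is_duress:
            self.silent_alarms.append(user)
        return "DOOR OPEN" if (is_regular or is_duress) else "DENIED"


if __name__ == "__main__":
    panel = Panel()
    panel.enroll("guard", "4821", "4829")  # constructed sample PINs
    print(panel.enter_pin("guard", "4821"), panel.silent_alarms)
    print(panel.enter_pin("guard", "4829"), panel.silent_alarms)
    print(panel.enter_pin("guard", "0000"), panel.silent_alarms)
```
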

    7. Re:Anybody else see "Demolition Man"? by MyLongNickName · · Score: 2, Insightful

      I'm so tired of hearing the "dude who is so desperate, he's willing to take your eyeball" type argument. If someone is that desperate, he's more likely to off you and rob you than worry about using your eyeball to hack your accounts. Generally the desperate folks are the strung out drug users, not wanting to come down again. They don't put this much forethought into their crimes.

      Now the professional hacker (cracker for those who still insist on the distinction) doesn't want to get their hands dirty. They prefer to act quietly, and score a lot of hits before anyone knows they are around.... a trail of eyeball-less individuals ain't staying quiet.

      And third... once eyeball is removed, you wouldn't be using it for id. Blood loss would destroy the patterns the system needs to id the person. I imagine you COULD devise a way to keep it intact long enough for id... but who in the hell will want to go to that much trouble? Short of military secrets, I can't see it happening.

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  2. Excessive by adam.conf · · Score: 2, Insightful

    I guess more biometric sensors are always better -- but at a point, doesn't it seem excessive? I guess I'll be able to sleep easier tonight knowing that if I'm killed in my sleep and my murderer spreads my bodyparts across the county, I can still be identified by the veins in my hands. Thank God.

    1. Re:Excessive by plover · · Score: 5, Insightful
      What makes you think biometrics are better? Systems can be fooled.

      Just like any other computer-based biometric system, it only starts with a scanner. Once you get past the handwaving (pun intended) it turns into bits and bytes, just like any other security token, such as a password. These systems will have weaknesses, it's the nature of systems. Look at all the components: palm reader camera, imaging software, algorithms to reduce a hand-print to a series of numbers, a database full of those numbers, a database full of "rights" to be granted based on those numbers, a signal to the turnstile or electric door lock to let you in, and networks and wires interconnecting all of those pieces.

      To a bad guy, a wedge into any single component listed above might be enough to send "ACCESS GRANTED" to the door lock.

      Yes, the same is true of any security system of any sort -- but for reasons I can't fathom, biometric-based security systems seem to give a higher "sense" of protection to the executives writing the checks.

      At least this one won't be fooled by Jello.

      --
      John
    2. Re:Excessive by Anonymous Coward · · Score: 1, Insightful
      > but for reasons I can't fathom, biometric-based security systems seem to give a higher "sense" of protection to the executives writing the checks.

      The reason for this is that the techno-illiterates hear biometrics and think "the computer is looking at me and can recognize me." They think it's akin to a human looking at them and recognizing them, but this is entirely wrong. The computer isn't looking at anyone. It's seeing a stream of bits, nothing more. It has no way of really knowing how that stream of bits came to be inputted to it. This is like me sending you a print-out that says "This is Steve. Open the door." From the print-out alone, how can you be sure it's actually from Steve? You can't without additional authentication measures.

      The most common system of authentication is the username and password combination. In this system, both the username and password must match for authentication. While it can be wise to guard the username as well as the passwords you use, the secrecy of the username is not normally assumed by this system. Its purpose is not really authentication, but to inform the computer of whom you wish to be authenticated as.

      It would be more useful to use biometrics as the equivalent of the username. Do not assume the secrecy of the biometric data. Use it only as a way of informing the computer whose authentication is being tested--a way that is more difficult (though not significantly more so in many cases) for a hacker to duplicate. Rely on passwords (whether traditional memorized key sequences or smart card generated bit sequences or both) as means of authentication.

      On a final note, biometrics is much more useful in authentication where a human guard oversees the process to verify that the biometric data actually comes (willingly) from the person being authenticated. In such a circumstance, biometrics alone can often be sufficient. This is after all not much different than someone looking at your driver's license picture to verify your identity, and when was the last time you needed a password in that circumstance?

      -AC
  3. Replay attacks by Anonymous Coward · · Score: 1, Insightful

    It sounds like such a system is subject to replay attacks. i.e., if I take a picture of your hand I can replay it to the reader. That's the beauty of smart cards: challenge-response with a random nonce means no two queries are ever identical, so no two replies are ever identical, and replay attacks are worthless.
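
The contrast this comment draws, as an added example that is not part of the original post: a verifier that accepts a static sample is satisfied by a recording of it, while a nonce-based challenge-response rejects a recorded reply. HMAC-SHA256 stands in here for whatever cryptography a real smart card uses, and the template, key and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: a stand-in for an enrolled biometric template
# and for the secret key held inside a smart card.
ENROLLED_TEMPLATE = hashlib.sha256(b"constructed-palm-template").digest()
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def static_verify(sample: bytes) -> bool:
    """Static matcher: the same bytes are accepted every time they arrive."""
    return hmac.compare_digest(sample, ENROLLED_TEMPLATE)


class ChallengeVerifier:
    """Issues single-use random nonces and checks HMAC responses to them."""

    def __init__(self, key: bytes, ttl_seconds: float = 30.0):
        self._key = key
        self._ttl = ttl_seconds
        self._pending = {}  # nonce -> time it was issued

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = time.monotonic()
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        issued = self._pending.pop(nonce, None)  # a nonce is spent on first use
        if issued is None or time.monotonic() - issued > self._ttl:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def card_respond(key: bytes, nonce: bytes) -> bytes:
    """What the card computes; the key itself never crosses the wire."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo() -> dict:
    results = {}
    # A recorded copy of a static sample is indistinguishable from the original.
    recorded_sample = ENROLLED_TEMPLATE
    results["static_replay_accepted"] = static_verify(recorded_sample)

    verifier = ChallengeVerifier(CARD_KEY)
    nonce1 = verifier.new_challenge()
    reply1 = card_respond(CARD_KEY, nonce1)
    results["fresh_reply_accepted"] = verifier.verify(nonce1, reply1)
    # Replaying the recorded reply with the same nonce fails: the nonce is spent.
    results["same_nonce_replay_accepted"] = verifier.verify(nonce1, reply1)
    # Replaying it against a new challenge fails: the HMAC covers a different nonce.
    nonce2 = verifier.new_challenge()
    results["new_nonce_replay_accepted"] = verifier.verify(nonce2, reply1)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
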

  4. Re:Interesting take on biometrics by Nos. · · Score: 3, Insightful
    I don't think you're going to find this equipment in stores that bear the "less than $50 after dark" and "employees do not have safe combination" type signs. That being said, this might be nice in some applications...
    • single sign on and never having to change passwords every 90 days
    • No more keys for your front door... unless you have cold winters like we do... I don't want to hold my hand in front of a camera at -40C
    • No more PIN numbers, or signatures for verification for bank and credit cards
  5. Uh, what? by Bill_Royle · · Score: 3, Insightful

    That's the dumbest argument I've heard all evening.

    The "desperate dude who is willing to take out my eyeball?" Why wouldn't he just leave it in your head and just piggyback through? Or bring you along to access that "protected" stuff?

    Sure I'd rather give up a memorized password instead of an eye or hand, but again this is a question of severity. I don't believe you go from demanding a password to cutting out an eye without things other than biometrics being a critical factor.

    Your employer may not give a shit about you, but most employers do. The liabilities of employees getting hurt is much of the reason that many employer-offered health plans have increases every year. I doubt that any employer will be nonchalant when one of their employees comes to work with only one hand.

    There's nothing wrong with an employer implementing biometrics, if it's an at-will company. It's up to the employee as to whether that proposition is acceptable.

  6. Re:Modern medicine is based on the idea of samenes by Nos. · · Score: 4, Insightful

    I find it worrisome that the verification of something as personal and important as someone's identity is based on something as common and repeatable as the pattern and layout of veins.
    I haven't done the research, but I doubt this is any more "repeatable" than fingerprints, or for that matter DNA.

  7. Why this won't work. by rincebrain · · Score: 4, Insightful

    I've met quite a few people who have nonstationary veins; that is, veins that they can move around, that twist under their fingers and stay in their new position, etc.

    How will this system handle these?

    --
    It's only an insult if it's not true.
  8. to all the "chop off the hand" people by SuperBanana · · Score: 4, Insightful

    Well, I see we've already got a few people posting "zOMG my hand's gonna get chopped off".

    Here's a pop quiz. How's a device that uses near-IR to see active blood vessels going to work....

    ...on a hand with no blood pressure, and no hot blood flowing through it? Seems to me a cut-off hand would be virtually worthless within seconds; the veins would become the same temperature as the rest of the hand, and collapse due to lack of blood pressure.

    1. Re:to all the "chop off the hand" people by Anonymous Coward · · Score: 1, Insightful

      pump hot saline through it, dipshit.

  9. Biometric security idea of the week. by RyanFenton · · Score: 5, Insightful

    This time, it's the translucent map of the hand.

    Problems with this idea?

    1. Injury or other causes of restricted blood flow will change the pattern. People may be wearing a watch or carrying a bag which may change the net translucent image of the hand for some time.

    2. No mention if this is 3-d imaging, or multiple-perspective scanning of some sort - but if it's just a 2-d single image, then another source of the 2-d image could be used as fake ID. In the case of 3-d imaging, fakes become more difficult - gummy hands are a lot less common than gummy bears. Still - there has to be a basis for pattern-recognition in the complex mess that makes up a human hand/palm, and that basis can be exploited. A rubber glove with ink on the palm, flipped inside-out may do the trick, or something similar.

    3. This equipment... will it be cheap? Will it require large databases and further security for that data? How much cheaper will this be than other security methods? Cost more than most things will likely determine the impact of a biometric technology. Just having another identification scheme won't help that much, if it can only be used in already-secure or expensive scenarios.

    Biometrics are a great idea, and some very cool implementations - but they always seem to involve a lot of false negatives/positives (none have solved both), and are fairly expensive relative to their unreliability. They certainly haven't been a replacement for most standard security schemes. How is this scheme different?

  10. Re:Why biometrics doesn't work by Marnix · · Score: 2, Insightful

    > Some day in the very near future there will be a way to easily duplicate fingerprints, vein prints, retina prints, or whatever.

    Some day in the very near future, there will be biometric scanners that can tell the difference between real/live and fake/amputated body parts. The fact that there are not many now is mostly due to the fact that nobody wants to pay for them. People seem to think that spoofing is not an issue. But it is, or will be. As biometrics are increasingly used to protect things of value (cars, credit cards, etc), it becomes more profitable to develop spoofing techniques. That, in turn, makes it more profitable to develop better liveness detection methods. It's an arms race, really.

  11. it's just a tool by Khashishi · · Score: 2, Insightful

    You guys are all overreacting -- as if this will be the end all be all of identification.

    This won't be used solely except perhaps for minor barriers to entry. You don't need to worry about some guy having the same vein pattern as you, since the chance that this guy is also trying to defraud you is pretty small. A criminal might share a pattern with some other people, but how is he going to find out which people he matches without some inside access to the system?

    You people worried about not reading due to various biological reasons: it may be an inconvenience, but you aren't gonna be locked out of your account. What do you do if you forget your password nowadays?

    And those who say that the system is insecure and bypassable. No system is secure. At least this is probably more secure.

  12. Re:Veins not very constant by Peyna · · Score: 2, Insightful

    But you don't want to have to do this every week, for practical and security reasons.

    It'd be like changing your password every week, automatically, doesn't seem like so bad of an idea. Just a pain to maintain.

    --
    What?
  13. A little more detail by Anonymous Coward · · Score: 1, Insightful

    It didn't seem to be mentioned, but there are more details regarding this device people ought to know. The current version they are pimping is a black block a little bigger than a pack and a half of cards, and while it is true it does IR vein scanning, it also is performing hand geometry matching in software, to assist in getting around vein irregularities. The Fujitsu minions who use it seem to like it, and have gotten so good at positioning their hand over it that they no longer need the positioning guide. They are already prototyping a new version that is roughly a 1 inch cube including the USB controller.

    No matter how much they work in software to prevent fakes from gaining access (which by the way is pretty decent from the demo I saw) it is still weak to the picture attack fundamentally. The algorithms are pretty good though, since a major Japanese bank is using them on ATMs, combined with a smartcard ATM card that does MatchOnCard with the calculated template from the sensor (ostensibly to prevent private information from leaking to the outside, though they still require a PIN as well to use the ATM).

    Now if only the manufacturers moved to a harder to fake biometric sensor type, like ultrasonic fingerprint sensors...

  14. biometrics just s*cks by l3v1 · · Score: 3, Insightful

    My main problems with almost all biometrics identification & recognition systems for public use are that
    - none of them works well enough (see below)
    - if you combine multiple biometrics to raise the efficiency they will become exponentially more inconvenient and expensive, and still not being 100%
    - very many biometrics can be falsified and there probably are levels where even cutting a hand isn't a big deal to get to the information; in cases when you need the hand/finger/etc. alive there's kidnapping and remember, one doesn't have to interrogate the fella, just to take him

    Ok, so about efficiency. If you care to dig a bit deep and read research regarding different types of biometrics, you'll easily find quite high numbers on %. There's two things one has to constantly keep in mind:
    - most of them give those high % only in specific working conditions
    - if you read one biometrics works at 9x%, always think on the reverse: e.g. how many real people does that 100%-9x% mean in the real life like airports with multi-million guests a day? even 99% goodness means 10000 from 1mil. people falsely angered and that's a lot

    --
    I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
  15. False negatives... by Gopal.V · · Score: 1, Insightful
    Biometrics are worthless if just about anybody from your family doctor to your masseuse can fake it. Fake fingerprints are perfectly possible - if you think otherwise read faking fingerprints. Vein patterns are safer because they are less likely to be left around your surroundings and they need a working fluid supply. Also an unconscious man cannot give you his password, but his biometrics are still perfectly valid.

    The real problem here is the false negatives. Suppose I switch from typing to writing for a couple of weeks. Two weeks later, all my veins have moved back into the base of my palm and away from the little finger. It's too temperamental compared to ascii passwords :)

    If I end up implementing unbreakable security somewhere, it'd be proximity card (RFID) + password + biometric. This combines - what you have, what you know and what you are. Also some very good error messages if you type the password wrong :)
  16. Get real by MyLongNickName · · Score: 2, Insightful

    For 99.99999% of the applications out there, no one would even DREAM of going to these lengths.

    For the other 0.00001% (read military secrets) of the applications out there, there is likely to be two or three other authentication processes out there, one of which involves a person physically giving you access.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    1. Re:Get real by h4rm0ny · · Score: 2, Insightful


      What lengths? It's a process that takes a few minutes, £10 worth of plastic and a secondary school knowledge of anatomy.

      The deterrent is one of severity of punishment for the nature of the crime, not one of technical difficulty. That's a deterrent to be sure, but the nature of it should be understood.

      Your point about multiple security systems is valid of course, but the grandparent was placing erroneous faith in the technical security of the system, and that at least deserves correction.

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
  17. Exactly. All biometric security is fraud. by zippthorne · · Score: 2, Insightful

    But looks really cool in movies.

    Anything that can be imaged can be reproduced to the accuracy of the imager. Hence, biometric security is like a social security number: it might be unique to you, but you can't change it ever* and if someone gets a hold of it, you're screwed.

    *I am aware that in extreme situations you can change your SSN. afaik, this capability was designed to address that point, however the address space of SSNs is not that sparse and the cost of changing the number is too high. (in both time and money)

    The only way to change your biometric data would involve some pretty severe scarring.

    --
    Can you be Even More Awesome?!