Slashdot Mirror


Adding Biometric Security to an Existing Laptop?

008 asks: "My work requires me to travel to some harsh climes with my laptop and other equipment, and the data I collect there is potentially very sensitive. Currently I use the PGP family to secure my drives, but my paranoia always demands more. IBM's biometric-ready Thinkpad really piques my interest, but getting one isn't feasible for me because it's too wimpy for the physical stress I'd inflict on it. I'd much prefer a way to biometrically lock a computer I already have. What options are out there?"

  1. how? or why would you? by gl4ss · · Score: 2, Interesting

    How is easy, just buy a USB dongle reader.

    But making it into a good use in the system, now that's a whole other issue. Would you use the biometric data as a password for that PGP drive or what?

    --
    world was created 5 seconds before this post as it is.
  2. BBC? Reputable? by way2trivial · · Score: 2, Interesting
    --
    every day http://en.wikipedia.org/wiki/Special:Random
  3. Re:Biometric scanners are a sales gimmick. by mellon · · Score: 2, Interesting

    Tragically, you are mistaken in this case. Biometric data is analog. All the scanner can say is "yes, that looks like the right fingerprint," or "no, that doesn't look like the right fingerprint." It can't produce a consistent digital value that is derived from the fingerprint. It is possible to make a fingerprint scanner that's self-contained and emits a key whenever it gets a match, but that's probably not what IBM is doing, because that would require putting a fairly expensive CPU in the fingerprint scanner.

  4. Re:Biometric scanners are a sales gimmick. by swillden · · Score: 2, Interesting

    All the scanner can say is "yes, that looks like the right fingerprint," or "no, that doesn't look like the right fingerprint."

    Actually, it's even worse than that. The scanner typically doesn't do anything like that. All it does is deliver a grayscale digital image (called the "livescan") over USB or whatever to your laptop. Software running on your laptop then must extract the interesting features, producing a livescan template, which it then compares against the stored template. The template comparison is fuzzy, as you said, and succeeds or fails based on a configured threshold of "closeness".

    The reason it matters that the matching is done on the laptop not in the scanner itself is because the fact that it's done on the laptop opens up a variety of additional attacks, ranging from replay attacks (attacker snarfs your livescan when you authenticate then just replays it to your machine -- no need to mess with trying to create a fake finger, and completely bypassing any liveness detection, etc.) to exploiting weaknesses in the software (buffer overflows, etc.) to all sorts of attacks on the software and templates stored on the machine. If all of this were done in the scanner, and if the scanner were hardened against attack, and if it provided crypto services to the host after a successful authentication, it could be very valuable (though not without avenues of attack).

    Actually, a smart card that could do biometric matching on card fills would get fairly close. Unfortunately smart cards have so little processing power that match-on-card implementations have to choose between unusably lousy and unusably slow.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
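
The design discussed in comments 3 and 4, sketched as an added example that is not part of the original thread: matching is fuzzy, so hashing a template does not give a stable key, and a scanner that matches internally and answers a fresh host nonce makes a captured response useless on replay. The 32-bit "templates", the Hamming-distance matcher, the threshold and the shared HMAC key are all constructed assumptions, not any vendor's scheme.

```python
import hashlib, hmac, secrets

# Constructed toy templates: real ones are minutiae sets, not 32-bit integers.
ENROLLED = 0xB2E15C3A
SAME_FINGER = ENROLLED ^ 0b101        # same finger, two bits of sensor noise
OTHER_FINGER = ENROLLED ^ 0x00FFFF00  # different finger, 16 bits differ
THRESHOLD = 3                         # assumed "closeness" threshold, in bits

def fuzzy_match(enrolled: int, sample: int, threshold: int = THRESHOLD) -> bool:
    """Accept when the Hamming distance is within the configured threshold."""
    return bin(enrolled ^ sample).count("1") <= threshold

def naive_key(template: int) -> bytes:
    """Hashing the template directly: any noise at all yields a different key."""
    return hashlib.sha256(template.to_bytes(4, "big")).digest()

class Scanner:
    """Hypothetical hardened scanner: template and key never leave the device."""
    def __init__(self, enrolled: int, device_key: bytes):
        self._enrolled, self._key = enrolled, device_key

    def authenticate(self, sample: int, nonce: bytes):
        # Match on the device, then bind the result to the host's nonce.
        if not fuzzy_match(self._enrolled, sample):
            return None
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

class Host:
    """Verifier that issues single-use nonces (shared key is a simplification)."""
    def __init__(self, device_key: bytes):
        self._key, self._pending = device_key, None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response) -> bool:
        nonce, self._pending = self._pending, None  # a nonce is never reused
        if nonce is None or response is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)
```
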