Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another Setback for Biometric Passports

Posted by ScuttleMonkey on from the tin-foil-bag-with-your-tin-foil-hat dept.

trydk writes "The Register has an article on the lack of security in biometric passports. This time, according to Dutch TV program Nieuwslicht (Newslight), the Dutch biometric passports have been cracked, potentially revealing all biometric information stored in them." From the article: "[...] an attack can be executed from around 10 meters and the security broken, revealing date of birth, facial image and fingerprint, in around two hours. Riscure notes that that the speed of the crack is aided by the Dutch passport numbering scheme being sequential."

3 of 70 comments (clear)

  1. Precision & Recall by eldavojohn · · Score: 5, Insightful

    The biggest setback to biometric security is that few companies post the actual numbers concerning their precision and recall.

    Before I ever buy into a biometric security device, I want to be able to sit down with the numbers and see what happens to the F-measure when I slide beta between zero and one.

    Their sites should have a slider that goes between zero and one with the resulting number. That way, I would know how many times out of a hundred my guards are going to let Bin Laden Jr. through my security check points. But I also want to know how many times my guards are going to throw Grandma-down-the-street against the hood of a car and arrest her for being a dead hijacker from an infamous attack. Implementers of biometric security just don't seem to grasp the concept that a false positive can be a problem just like a true negative. Every white paper I've read on this issue makes certain that they include these figures at the end of their paper.

    Because if you hit the production line, these numbers are all that matter to your consumer.

    --
    My work here is dung.
    1. Re: Precision & Recall by Black+Parrot · · Score: 5, Funny

      > I want to be able to sit down with the numbers and see what happens to the F-measure when I slide beta between zero and one.

      What page of the Kama Sutra are you referring to? I can't find any of that stuff in the index.

      --
      Sheesh, evil *and* a jerk. -- Jade
  2. Re:Fingerprint authentication is a bad idea by SeekerDarksteel · · Score: 5, Insightful

    And this is why I think that ALL machine readable biometric measures will eventually fail. The inherent problem with all biometrics is there is NO method to resecure your authentication method once a compromise has occurred. If someone steals your password you can change it easily. If someone steals a physical key, the lock can be replaced. (A bit costly, but doable). If someone steals your fingerprint, from that point on for the rest of your life you cannot be guaranteed security in a process that uses your fingerprint as authentication. Worse yet, you leave your fingerprints EVERYWHERE. I don't know about you, but I don't leave hundreds of copies of my passwords lying around every day. There's also the argument that it isn't feasable to create fake fingers to pass fingerprint authentication with someone else's prints, but the data has to get digitized somewhere. Once it's all ones and zeros someone doesn't need to create a fake finger. They just need to figure out the right place to put their ones and zeros.

    --
    The laws of probability forbid it!