[geeks] Interesting article on fingerprint biometric systems

[Charles Shannon Hendrix]

Sun, 09 May 2004 @ 10:11 -0400, Nadine Miller said:

> <http://www.schneier.com/crypto-gram-0205.html#5>
> 
> Recounting a presentation by a Japanese mathematician that was 
> able to fool 11 commerically available fingerprint biometric 
> systems 80% of the time with gear he made at home.

They don't really scan your fingerprints, they scan a rough
approximation of them.

That's how they kept it cheap, and that's why it can be fooled.

This triggers a rant...

However, even if they did it perfectly, I'm not sure how great it would
be.  Consider:

I worked in this industry briefly, and we joked all the time about how
the customer was buying a false sense of security.  For every product we
worked on, we had a dozens ways to get around it, or a dozen ways you
could abuse it.  Our general consensus on biometrics and smart-cards was
that it gained little for an individual.  It's convienient, but does
little and perhaps nothing to really protect you.

On the other hand, it can be a big benefit to large organizations, and
is an amazingly easy thing to abuse.  It's also perhaps the biggest and
most dangerous Pandora's Box we've ever opened.

Biometrics are forever.  You can't change your biometric identification
like you can a numeric ID.  Once the wrong people have it, they have it
forever.

The only serious benefit to biometrics is in combination with physical
ID.  The two are combined.  That way access can be removed or changed so
that stealing your biometric data is not forever.

However, it doesn't solve the problem of "them" being able to identify
and track you.  Once the genie is out of the bottle, it is out forever.

All biometrics should have a few requirements:

All algorithms used to generate a key should be non-reversible so
that keys generated for verification cannot be reversed to reveal the
biometric data.  This keeps you from being tracked, but you still get
the benefits of biometrics to the individual.  Large organizations and
governments hate this idea of course.

Biometric information should never be used unsalted: that is, it should
never be used alone.  This way nothing associated with your ID is
permanent.  Everything based on your ID is still very personal to you,
but you can effectively change your biometric ID if you need to.  Need
is something that the individual should be free to determine.

We should try to use biometric data that requires user consent.  For
example, fingerprints can be lifted easily, but retina scans generally
require voluntary action.  Fingerprints are a really bad way of doing
it.

Finally, there is rarely a *NEED* for things to have any security at
all.  Anonymous cash is perfectly feasible, and there is absolutely no
reason this needs to be tracked.  Yes, stealing it is like physical
money in that you lose that money, but that's been true for over
2000 years now.  It's at least not a new problem.

When you do want security, them make sure as above that all keys are
non-reversible, and transaction keys should be short-lived.  Even if
"they" record them, they will be invalid after the transaction is
completed.  The *ONLY* thing necessary is validation of the transfer
of information, wether that be money, your order, whatever.  There is
absolutely *ZERO* need for transactions to be recorded.

Bottom line: we can use biometrics and also create perfectly secure
transactions, and so so without privacy violations and abuse.  The way
things are going though, we are going to have to be far more vocal.
Current proposed systems are full of holes, are insecure, and are a
disaster for individual security and privacy.


-- 
shannon "AT" widomaker.com -- ["Tara is grass, and behold how Troy lieth
low--And even the English, perchance their hour will come!"]