Privacy Technology

Ready or Not, Biometrics Finally in Stores

cancer4xmas writes: "It's very exciting to see USA Today's Technology front page saying, "Will that be cash, fingerprint or cellphone?" They're running a story on emerging biometric devices being the most fundamental change in personal finance since 1950, when the credit card was introduced. The concept is now being tested in some stores. Check out the full story." Now couple that tidbit with this morsel from wherley: "In a letter [scroll down a bit] to Bruce Schneier's Cryptogram newsletter, Ton van der Putte tells of a recent invitation from the BBC to comment on the addition of fingerprint biometrics to the British ID card. Using a digital camera and UV lamp he was able to make dummy fingerprints that fooled the readers - and in less time and less cost than similar experiments 10 years ago. He says: '...now the average do-it-yourselfer is able to achieve perfect results and requires only limited means and skills.'"
This discussion has been archived. No new comments can be posted.

  • by mebon ( 634191 ) on Monday November 17, 2003 @11:36PM (#7499256)
    Two years ago the bank right next to my campus had an ATM with a fingerprint scanner. Instead of needing your ATM card on you at all times you could just use your thumbprint to log in.

    It's kind of scary that a fingerprint is so easy to forge. It would be so simple to wipe out someone's life savings.

    I would have expected banks to adopt this technology only after it has been widely proven to be secure. Instead they are the guinea pigs risking your money. Something's wrong with this picture.

    I'm glad I didn't have an account there. Would your money be federally insured if it were stolen by a forged fingerprint? How could you prove it was a forgery (assuming the forger hid his face from the camera above the ATM)?

  • Re:Ouch (Score:1, Informative)

    by Anonymous Coward on Monday November 17, 2003 @11:37PM (#7499260)
    Carjacker + knife + need for your finger = not a pretty scene.

    Actually, severed fingers won't read on a capacitance sensor [authentec.com], but then again the would-be thief wouldn't know that until after he "borrowed" your finger. Thankfully, if nothing else this means they'll leave it behind so the doctors can re-attach it.

  • by charnov ( 183495 ) on Monday November 17, 2003 @11:39PM (#7499270) Homepage Journal
    I was with a group that evaluated biometric authentication as a primary system. The primary flaw that was pointed out that no one seems to really talk about is, what if someone compromises the key server? In a traditional authentication system, you simply change your keys. Since in a biometric system the keys are based off of the human body, not only has this compromised system been completely destroyed, but potentially ALL biometric systems used by the same individuals are now compromised until the day they die.

    That was a pretty big problem.

    We decided on using biometrics as a 3rd or 4th level of authentication (to verify that someone using all of the other levels of authentication is who they say they are to a reasonable level of accuracy).
  • by dido ( 9125 ) <dido@imperiu m . ph> on Monday November 17, 2003 @11:50PM (#7499346)

    I don't know why all of these so-called "security experts" keep on advocating biometrics with little or no understanding of their real properties, much less how they should be properly used. Biometrics can be used as unique identifiers, but biometrics are not secrets. They can provide a unique identifier in an already trusted environment, but alone they cannot be used for authentication, which is what so many of these "experts" are ready to do. If I steal your fingerprint using any of the simple yet effective techniques (none of which require me to cut off your finger) described by Ton van der Putte, it can't be un-stolen, and nobody will be able to give you a "replacement" fingerprint.

    A quote that illustrates this naivete from the USA Today article: "Biometrics is one way to really identify the customer you're dealing with," he [Steve Vallance] says. What a foolish, naive statement. Alone, biometrics cannot really identify anybody.

    I really can't do any better than point people out to an article in yet another issue of Crypto-Gram, which first came out five years ago: Biometrics: Truths and Fictions [schneier.com].

  • by Anonymous Coward on Monday November 17, 2003 @11:54PM (#7499366)
    As someone who worked in the biometrics field for a number of years I can say that fingerprint biometrics are stupid.

    Too easily compromised (kinda hard to change your fingerprint) and very unreliable.

    Fingerprints just are not unique enough and only work in small sample sets. For example, when a criminal investigation is being done the search is limited. When trying to do something like credit cards, you're talking about millions of people. It just won't work. Not solely using fingerprints. Not ever.
  • by LostCluster ( 625375 ) on Tuesday November 18, 2003 @12:14AM (#7499479)
    The age old test of "Something you know, something you have, something you are" security reinforces an extra point... challenging three times is always more secure than challenging once!

    ATMs are secured this way. You've gotta have your card, know your pin, and look somewhat like you for the camera. (Looking wrong doesn't yet deny the transaction... but is a great tool when it comes to figuring out the "Whodunit?" that comes up when ATM fraud is discovered.)

    In-store credit cards are slightly less secure. The card has to be present, and the person using the card has to perform the task of creating the proper signature that's on the card. (Again, a wrong signature might not always deny the transaction, but it creates a paper trail for later.) Some stores are advanced enough to also associate the security camera timecode to the transaction to create the visual trail as well, but that's not used as much as it could be as of yet.

    Internet or phone card transactions are weaker because there's no demand that either a card or person be seen. That's why those transactions are also more expensive to get processed... they're more likely to result in a write-off from a scam transaction. They are less secure, and that's an admission of it. Still, smart e-merchants can protect themselves by performing some secondary security like only shipping to addresses related to the card.

    Biometrics if used alone are just the "something you are" test, but as we've seen it's going to be confused some of the time. Merging the fingerprint with a PIN number would at least get us to a two-test level of security... but the marketers of biometrics are insisting that their test alone is good enough. That's where they're seriously wrong, no test alone will ever be that good... that's why it's always best to double-check.
  • by quinkin ( 601839 ) on Tuesday November 18, 2003 @12:14AM (#7499482)
    As Matsumoto pointed out [theregister.co.uk], it is quite easy to fool biometric fingerprint scanners using a constructed gelatine print. Even when the original is a latent print (ie. from a glass).

    This is far easier than pretending a severed thumb is your own, and with the use of acetone based prints (from the gelatine master) it is virtually impossible for a layperson to determine that you have an overlaid print on your thumb.

    Just your $0.02... :)

    Q.

  • by Anonymous Coward on Tuesday November 18, 2003 @12:47AM (#7499654)
    http://www.schneier.com/crypto-gram-9808.html#biometrics

    Biometrics are seductive: you are your key. Your voiceprint unlocks the door of your house. Your retinal scan lets you in the corporate offices. Your thumbprint logs you on to your computer. Unfortunately, the reality of biometrics isn't that simple.

    Biometrics are the oldest form of identification. Dogs have distinctive barks. Cats spray. Humans recognise each other's faces. On the telephone, your voice identifies you as the person on the line. On a paper contract, your signature identifies you as the person who signed it. Your photograph identifies you as the person who owns a particular passport.

    What makes biometrics useful for many of these applications is that they can be stored in a database. Alice's voice only works as a biometric identification on the telephone if you already know who she is; if she is a stranger, it doesn't help. It's the same with Alice's handwriting; you can recognize it only if you already know it. To solve this problem, banks keep signature cards on file. Alice signs her name on a card, and it is stored in the bank (the bank needs to maintain its secure perimeter in order for this to work right). When Alice signs a check, the bank verifies Alice's signature against the stored signature to ensure that the check is valid.

    There are a bunch of different biometrics. I've mentioned handwriting, voiceprints, and face recognition. There are also hand geometry, fingerprints, retinal scans, DNA, typing patterns, signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.), and others. The technologies behind some of them are more reliable than others, and they'll all improve.

    "Improve" means two different things. First, it means that the system will not incorrectly identify an impostor as Alice. The whole point of the biometric is to prove that Alice is Alice, so if an impostor can successfully fool the system it isn't working very well. This is called a false positive. Second, "improve" means that the system will not incorrectly identify Alice as an impostor. Again, the point of the biometric is to prove that Alice is Alice, and if Alice can't convince the system that she is her then it's not working very well, either. This is called a false negative. In general, you can tune a biometric system to err on the side of a false positive or a false negative.

    Biometrics are great because they are really hard to forge: it's hard to put a false fingerprint on your finger, or make your retina look like someone else's. Some people can mimic others' voices, and Hollywood can make people's faces look like someone else, but these are specialized or expensive skills. When you see someone sign his name, you generally know it is him and not someone else.

    Biometrics are lousy because they are so easy to forge: it's easy to steal a biometric after the measurement is taken. In all of the applications discussed above, the verifier needs to verify not only that the biometric is accurate but that it has been input correctly. Imagine a remote system that uses face recognition as a biometric. "In order to gain authorization, take a Polaroid picture of yourself and mail it in. We'll compare the picture with the one we have in file." What are the attacks here?

    Easy. To masquerade as Alice, take a Polaroid picture of her when she's not looking. Then, at some later date, use it to fool the system. This attack works because while it is hard to make your face look like Alice's, it's easy to get a picture of Alice's face. And since the system does not verify that the picture is of your face, only that it matches the picture of Alice's face on file, we can fool it.

    Similarly, we can fool a signature biometric using a photocopier or a fax machine. It's hard to forge the vice-president's signature on a letter giving you a promotion, but it's easy to cut his signature out of another letter, paste it on the letter giving you a promotion, and then p
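Added example, not part of the thread or of the quoted Crypto-Gram text: the false positive / false negative tuning described in the quoted article, together with the earlier commenter's point that fingerprint matching degrades when the search covers millions of people. The scores are constructed, the function names are hypothetical, and the database estimate assumes independent comparisons.

```python
"""Threshold tuning and 1:N scaling for a biometric matcher (illustrative)."""

# Constructed similarity scores in [0, 1] from a hypothetical matcher; not real data.
# GENUINE: Alice's finger compared with Alice's enrolled template.
# IMPOSTOR: other people's fingers compared with Alice's template.
GENUINE = [0.91, 0.84, 0.78, 0.95, 0.66, 0.88, 0.73, 0.59, 0.97, 0.81]
IMPOSTOR = [0.12, 0.35, 0.48, 0.22, 0.61, 0.30, 0.55, 0.18, 0.41, 0.70]

# Candidate accept thresholds: 0.40, 0.45, ..., 0.95.
CANDIDATES = [t / 100 for t in range(40, 100, 5)]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (false_positive_rate, false_negative_rate) at this threshold.

    A comparison is accepted when its score is >= threshold, so a false
    positive is an accepted impostor and a false negative a rejected Alice.
    """
    false_pos = sum(s >= threshold for s in impostor) / len(impostor)
    false_neg = sum(s < threshold for s in genuine) / len(genuine)
    return false_pos, false_neg


def lowest_threshold_for(max_false_pos, candidates=CANDIDATES):
    """Pick the most lenient threshold that keeps false positives in budget.

    Returns (threshold, false_pos, false_neg), or None if no candidate fits.
    """
    for threshold in sorted(candidates):
        false_pos, false_neg = error_rates(threshold)
        if false_pos <= max_false_pos:
            return threshold, false_pos, false_neg
    return None


def false_match_in_search(false_pos_rate, enrolled):
    """Chance that a 1:N search over `enrolled` other people's templates
    produces at least one false match, assuming independent comparisons."""
    return 1.0 - (1.0 - false_pos_rate) ** enrolled


if __name__ == "__main__":
    print("threshold  false_pos  false_neg")
    for t in CANDIDATES:
        fp, fn = error_rates(t)
        print(f"{t:9.2f}  {fp:9.2f}  {fn:9.2f}")
    # Same per-comparison error rate, growing enrolled population.
    for n in (100, 10_000, 1_000_000):
        p = false_match_in_search(1e-4, n)
        print(f"rate 1e-4, {n:>9,} enrolled: P(false match) = {p:.4f}")
```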
  • by Hrrrg ( 565259 ) on Tuesday November 18, 2003 @12:57AM (#7499723)
    Biometrics may not be secrets, but if you can keep a biometric secret, then it is much harder to forge. This property is what confuses people and leads to inappropriate applications. Unfortunately, it is very hard to keep a biometric a secret. The obvious example is that someone breaks into the system and downloads everyone's biometrics. However, a digital repository is not required: fingerprints can be lifted from a glass you were holding, your face can be surreptitiously photographed etc... (Even your iris could probably be secretly reproduced if you could be convinced to look into something like a specially-designed telescope or take a picture with a digital camera that is designed to image your iris as well as perform its primary function).

    If the use of biometrics ever becomes widespread, I am sure that all of the above will be attempted to some degree. The solution is that there must be a trusted person present to ensure that the biometric is measured properly - that the person is using their own fingerprint, is not using a tape-recorded voice, is not wearing special contact lenses etc... This would make forging a biometric much more difficult (similar to having to sign your name in the presence of a witness as opposed to photocopying it)

    The upshot of all this is that it is not so important that someone steals your biometric. It is how the biometric is measured that is the determining factor. Therefore, the inability to keep biometrics secret should not be a major impediment to their widespread use.

  • Please, don't stop! (Score:5, Informative)

    by plover ( 150551 ) on Tuesday November 18, 2003 @01:04AM (#7499775) Homepage Journal
    Why?

    Why stop with the steady stream of articles that point out the real shortcomings of biometrics? So you can keep your job? Sorry, but that's a pretty selfish reason that only works for you, your boss, and a handful of investors.

    As Bruce Schneier pointed out years ago, biometrics are a double edged sword. Biometrics are hard to forge (I am deliberately ignoring the $0.50 gelatin trick that fools fingerprint readers since I assume someone will repair that particular shortcoming,) and look to the implementations of the systems for the weaknesses instead. Yes, they are hard to forge. But once the data is turned into bits, it's pathetically easy to copy. And you can't put the genie back in the bottle once it's gone!

    It comes down to "who do you trust?" Do you really trust the department store or the bank to not keep a copy of your biometric identification? What's to keep an unscrupulous merchant from intercepting a copy of your raw biometric data, and saving a copy?

    I see signature capture pads all over the place these days. I categorically refuse to use them because I have no confidence that my signature won't be captured and replayed by the wrong person. You can't tell me that a "secure" system will prevent this, because I can't tell a secure system by looking at one. The promise of Open Source is no guarantee, either. Even if it had a picture of a penguin on the outside, a spiffy GNU-y logo, and OSF and SourceForge brand stickers on it, how do I know it's really "IdentifyMe_2.0" and not some hacked-up demo being run by Vinnie the Chiseler? People believe that when they walk into a Home Despot that Home Despot doesn't keep a permanent record of their signature. Of course they keep it; it's actually required by law to retain the audit copy for 36 months (42 in Illinois.)

    There are also plenty of known cases [google.com] of fraudulent ATM machines that read your card, accept your PIN, spit out "TEMPORARILY UNABLE TO DISPENSE CASH", and report both your card and PIN to the machine's owner. How is a user supposed to be able to authenticate the biometric device is genuine; that it's not a sham, running a copy for a thief?

    How will this change with fingerprinting, hand geometry, retinal scans, or whatever the biometric system of the week may be? It won't; it can't. And since the systems can never be trusted to not "steal" or retain copies of identification for future playback, the systems should never be used in the first place. Using them even one time will put your irreplaceable data in a system it may never escape from.

    Biometrics are a technology that should not ever be mainstreamed. They might work fine for a secure military facility, but once they're out in the general populace for any length of time, the protections they represent are gone.

  • by swillden ( 191260 ) * <shawn-ds@willden.org> on Tuesday November 18, 2003 @03:09AM (#7500357) Journal

    In other words, Schneier and others make public pronouncements that are out of their true field of expertise.

    Not that he needs me to defend him, but Schneier's field of expertise has changed hugely over the last few years. He started out as a cryptographer but gradually discovered all of the limitations of mathematics with respect to security. If you read his most recent stuff, you'll see that he fully understands the notions of defense in depth, holistic security, security as a cost/risk analysis, multiple obstacles, etc.

    It's also worth pointing out that many of the "old security" professionals rely less on their own skill at constructing good security systems and more on the tried-and-true procedures that have been developed over centuries, without necessarily understanding why. These procedures *are* good, and that's why they're used, but they can often break down in the face of changing conditions. More often, they end up just imposing annoyance without achieving anything relevant. In this rapidly-changing world, more formal, analytical viewpoints are also valuable alongside the tried-and-true.

    Thus biometrics represent a technique that can be used to enhance security. Can it be defeated? Yes, by itself.

    Herein lies the problem with biometrics: They are not generally being applied to enhance existing security procedures, they're being applied to *replace* existing procedures. And although it depends on the environment, an unattended biometric livescan being compared with a relatively unsecure database is not a good replacement for a good password.

    That said, fingerprints for payment authorization are a definite improvement (with respect to security and fraud -- ignoring other issues) over handwritten signatures, as long as their limitations are understood. In particular, it's important that a fingerprint authorization not be considered to be 100% authoritative when it comes time to resolve disputes. Stronger than a signature, yes, and also a good mechanism for tracking down criminals, but inadequate by itself to provide a conviction. In essence, using fingerprints to authorize payments is simply replacing one hard-to-check biometric (signature) with an easier, more reliable one.

  • by MarcQuadra ( 129430 ) * on Tuesday November 18, 2003 @07:55AM (#7500974)
    Last night in the checkout I was behind a very nervous man who got what he claimed was -HIS- ATM PIN wrong 14 times! It was quite obvious that he was using somebody else's card, he eventually got it but I watched him try several permutations of someone's birthday. After he left I asked the clerk what she thought and she was totally clueless, she said she deals with people who forget their PIN numbers all day long. I asked if the store had a policy to check their state ID against the card they were trying to use if it's obviously fraudulent, and she said she's only interested in keeping the line moving.

    Now you know one reason identity theft is so easy, store clerks are letting people try PIN numbers willy-nilly until they get the right one. There should be a 'five times' law, after which they cut your card up.
  • Re:Ouch (Score:3, Informative)

    by I8TheWorm ( 645702 ) on Tuesday November 18, 2003 @12:06PM (#7502433) Journal
    That sounds like a handy system. However, I have first hand experience that that does not always occur. My fiance's ex-husband, the typical try-to-get-tons-of-money-without-working-for-it type (he actually sent money in a Nigerian scam more than once) has quite a few credit cards in his dead (over 10 years now) father's name. In a fit of spite, she called the credit card companies, who said that if she could not provide a death certificate, they weren't willing to do anything about it.

    Systems only work when those that use them actually use them.
  • by Phrogz ( 43803 ) <!@phrogz.net> on Tuesday November 18, 2003 @02:14PM (#7503641) Homepage
    CO doesn't want fingerprints. I just got my (first/new) driver's license here in CO 1 year ago. No (thumb|finger)print taken or asked for.
  • by 4of12 ( 97621 ) on Tuesday November 18, 2003 @06:18PM (#7506052) Homepage Journal

    I had to give a thumbprint.

    Where I live, bank branches are asking for thumbprints from non-account holders wanting to cash checks.

    This, despite:

    1. The check was written on that bank.
    2. The person can produce a driver's license to verify that they are the payee.
    Yes, it's true that it cuts down costs of fraudulent checks that banks must bear. But it also increases risks to check cashers that their special identifier may be misused. What guarantee does the bank provide that the thumbprint won't be used for the single purpose of preventing fraud on that transaction and that it will be destroyed to prevent any possibility of further misuse?

    Heavy-handed tactics like this have really driven people to want to use cash more and more.

    The fun side of money tracing [rr.com] is wheresgeorge.com [wheresgeorge.com]

    But imagine if ATM machines used OCR to record the serial numbers of bills dispensed to people and if banks were required to inventory serial numbers of incoming currency, too.

    Credit card and debit card transactions have already reduced the proportion of anonymous financial transactions. The technology exists to reduce financial anonymity a lot further.
