There is no doubt that fingerprint scanners are a very convenient form of identification. The technology is relatively non-invasive and quick, with the added benefit that placing one's finger on a painless sensor doesn't scare users. In addition, fingerprints cannot be read involuntarily from a distance--contrast this with the iris scanners in the film Minority Report that track a hapless Tom Cruise. Another bonus is that the technology is now relatively inexpensive, and for a few hundred dollars you can augment your PC or notebook with a fingerprint scanner.
Other types of biometric technologies are still fraught with problems, and iris scanners especially are not all they are hyped up to be. Unlike your fingerprints, your iris is a dynamic item: various light levels lead to stretching and contraction of its features, which requires more sophisticated software to carry out transforms to make a match. Some features of your iris also change. For example, if you've been on a bender the night before and you're tired, your blood pressure will be elevated and you may have bloodshot eyes. All this is going to subtly, or not so subtly, change the topography of your iris. As a result, the more inexpensive solutions have a higher false positive and false negative rate than is acceptable for many security purposes.
How secure are fingerprint scanners?
We are led to believe by many vendors that their fingerprint scanners are very secure, with such marketing lines as "you can't give a friend a finger" or "you can't leave your finger lying around on a scrap of paper for anyone to read". As far as these statements go, they are true: you do not have to remember your fingerprint as you do a password and, barring grisly scenarios, you and your fingerprint must be present to access a scanner.
At first it appears that if someone really wants the information locked away by your fingerprint, the only way they are going to get at it is by coercion or removal of body parts. It has been discussed freely around the biometrics industry for some time that scanners should include additional sensors to ensure the finger that makes the print is alive, ergo still attached to your breathing body; ways to do this include, for example, detecting and measuring your pulse.
To date, these additional safeguards have not been widely implemented, and the inexpensive technology we looked at here has certainly not inherited these features.
Unfortunately, this is not the full story: there are ways of getting around fingerprint scanners that do not involve such drastic measures as abduction or the use of cleavers.
We have all witnessed spy shows like Mission Impossible and Charlie's Angels where the biometric security systems are tricked by fancy contact lenses with another person's iris print, or stick-on fingerprints duplicated by lifting the pattern of the fingerprints from the unsuspecting victim.
However, there is more than a grain of truth this time. To be blunt, you can trick most fingerprint scanners and there are various ways of doing so. But before you get all up in arms and ask why we are even entertaining using these things if they are not truly secure, let's look at what "security" really means.
For a start, security is a relative thing. For example you might leave $10 lying around in a drawer because if you lose it you will be annoyed but not destitute. On the other hand, you would not leave your life savings just sitting in a drawer. Another more obvious example is your door locks at home: they will quite effectively block 99 percent of the population and grant you a comfortable degree of security, but up against a determined expert, the average home security is a joke.
We were surprised at how easy it was to get around some of the fingerprint scanners. According to some security experts, the oily fingerprint residue left on a capacitive scanner can be "reactivated" simply by re-humidifying the latent print, either with a hot breath from your lungs or by gently placing a plastic bag of hot water on top of the latent print. Unfortunately, we did not have a capacitive fingerprint scanner to test this out, but you can obviously take steps to ensure this does not happen by simply sliding your finger off the scanner plate in order to smear the latent print.
We found a great research paper on how to fool fingerprint scanners entitled Impact of Artificial "Gummy" Fingers on Fingerprint Systems.
In essence, the researchers at Yokohama National University in Japan found you could take an imprint of your fingerprint using moulding putty and then fill the mould with a very thick gelatine mixture, about the consistency of a "gummy bear" when set. The resultant fake finger could be used quite consistently to fool various optical and capacitive fingerprint scanners they had at their disposal. And, like the movie scenarios, you could adhere a slice of the fake finger over your own prints and walk up to a scanner under the watchful eye of a security guard, gain access, then once inside you can peel off the fake fingerprint and eat the evidence.
Obviously the above scenario requires the cooperation of the fingerprint donor, but this does not have to be the case. Apparently, on average, we deposit 20 or so full or usable partial fingerprints in our travels each day; it would be a simple matter to hand the unsuspecting donor a glass of wine and then steal away with the glass and the prints. The print can then be "lifted" using common super glue--the above research paper outlines all the steps involved.
Of course, if security is really an issue, most organisations do not rely on a single form of authentication, so you may use a fingerprint scanner in conjunction with a password or smart card to correctly authenticate an individual.
There are three basic types of fingerprint scanners: optical, capacitance, and RF imaging. For more information on how they work take a look at the following links from HowStuffWorks and AuthenTec.




