Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Privacy Security

Subverting Fingerprinting 169

Posted by kdawson
from the on-a-stalk dept.
squizzar writes in with news of a 27 year old Chinese woman who was discovered to have had her fingerprints surgically swapped between hands in order to fool Japanese immigration. "It is Japan's first case of alleged biometric fraud, but police believe the practice may be widespread. ... The apparent ability of illegal migration networks to break through hi-tech controls suggests that other countries who fingerprint visitors could be equally vulnerable — not least the United States, according to BBC Asia analyst Andre Vornic." Time for some biometric escalation. Could iris scans be subverted as easily?
This discussion has been archived. No new comments can be posted.

Subverting Fingerprinting

Comments Filter:
  • by Somegeek (624100) on Monday December 07, 2009 @08:40PM (#30360410)

    "other countries who fingerprint visitors could be equally vulnerable — not least the United States", according to BBC Asia analyst Andre Vornic.

    Vornic needs to do some research. Criminals in the US have been attempting to surgically alter or mask their fingerprints since at least the 1930s, and the FBI has been researching the techniques since then as well. I remember reading about this in a book from the 60's, where a counterfeiter surgically swapped his prints around, and the FBI recognized them, out of order, and matched them back up with the original fingers.

  • Re:Woah (Score:5, Informative)

    by Idiomatick (976696) on Monday December 07, 2009 @09:12PM (#30360688)
    According to mythbusters you could get past most scanners with a photocopy of someone else's fingers :P
  • This will be quite e (Score:1, Informative)

    by Anonymous Coward on Monday December 07, 2009 @10:50PM (#30361412)

    Hi There,

    I work for a company that has designed and implemented fingerprint bordergate security for many countries. This may include the country in mention.

    This problem will be quite easily overcome. As processing power increases, it will be increasingly easy to search more combinations of captured fingerprints against prints stored on a database. For instance, at this time there is no need to search somebody's right thumb against all of the left thumbs stored in the database. This is for obvious reasons. The fingerprints that are captured in a process as described in the article are not hashed together or in any other way combined, they are simply searched individually against prints stored on a database for the given finger position.

    The solution is to simply search each fingerprint against (at least) the fingerprint stored for the opposing hand. You could also search against the entire database. This is similar to the process used when lifting a fingerprint from a crime scene, in which case the finger of origin is often unknown.

    So, the solution will be quite simple, and will simply require more processing power for the search. More money to the vendors.

  • Re:Woah (Score:2, Informative)

    by vxice (1690200) on Monday December 07, 2009 @11:45PM (#30361756)
    that was likely a low tech scanner. Just because it says it scans for fingerprints doesn't mean it really does and just like in any other field you get what you pay for. I work on biometrics projects at my school and one of the labs I used to work in had a hand geometry scanner, made a dozen or so measurements of the length and such of fingers one of the older and less secure methods, it required an id number because while unlike fingerprint hand geometry is good for a one to any search. meaning that it will only confirm an id because mostly the accuracy is so low compared to what it would need to determine different people without combining other security vectors. Just keep in mind not all scanners are created equal and not all modalities, different biometric paths such as fingerprint iris and many others, are equal and they can be easily combined to increase security in a similar way multiple passwords adds security and it needs to be tailored to the application just like any other security approach. and just like all other methods of security it is a cat and mouse game.
  • by Anonymous Coward on Tuesday December 08, 2009 @12:02AM (#30361838)

    Well, I'd get in trouble for this if I didn't post anonymously....

    I work for a Fingerprint Sensor manufacturer. There are roughly two of those for current laptops (Authentec and Upek), with several other up-and-comers (Validity, Egistech), and a legion of failed manufacturers.

    The ability to spoof a fingerprint sensor using a printed fingerprint is highly dependent on the specific technology used. As I remember the Mythbusters episode, they used an optical placement fingerprint sensor (glass plate that you put your finger down on, and hold it still). You won't find those in any current laptop designs - they cost too much money, and they are susceptible to easy spoofing. Microsoft currently sells an add-on optical placement fingerprint sensor.

    Current FPS technology for laptops is a swipe sensor - a small rectangle that you place your finger on, then swipe. The technologies involved in acquiring the fingerprint are sufficiently different between manufacturers that, without testing, it's hard to say which sensors will be susceptible to a paper spoof and which won't, which will be susceptible to a Gummi Bear spoof and which won't.

    In general, I'm sure you'd find that current sensors are far less susceptible to spoofed fingerprints than sensors just a few years agos. But, I'm also sure that you'd find some current sensors that were easily spoofed.

     

  • Iris size: Trivial (Score:5, Informative)

    by DrYak (748999) on Tuesday December 08, 2009 @07:01AM (#30363728) Homepage

    Also the eye may dilate as you kill them which will also fuck the result.

    Mydriasis happens with death, indeed.
    But it's almost trivial to induce myosis instead, using the proper chemicals. (Cocaine, as an example of something which won't be difficult to obtain for would-be criminals. As a bonus, this same substances doubles as a way to kill the victim through overdoses AND a way to preserve the iris in myosis).

  • by DrYak (748999) on Tuesday December 08, 2009 @07:40AM (#30363912) Homepage

    We have already made eyeball replacements. Low resolution, only 12x12px, and it transmits the signals to your brain via the tongue, BUT IT WORKS.

    Sorry, no. The thing is a *retinal* replacement.
    That's where the whole trick lies.

    The main problem is the way the signal processing in the eye function - the eye is already central nervous system.

    Absolutely everywhere in the body, senses signal are processed the exact same way :
    Some specilised type of cell detects some event (chemical, physical, whatever).
    This signal is carried from there by a nerve - which linkes peripheral nervous system to central nervous system - to a first place (in the central nervous system) where the signal is processed : instead of discrete event and absolute signals (which could be subject to noise, level drift, etc.), the input from several source are averaged, and local differences is made between input. The output signal is not "local levels", but "global levels" and "constrast and other difference between points of data". That data - after going through a relay/gate (usually the Thalamus) is processed further by the brain. Thus the brain doesn't work in terms of signal strength, but in terms of variations over space and time.

    With other sense : It easy, the nerves transmit the raw data, and the first process is occurring in places like the spins or the basal ganglia. There's a pretty simple 1-to-1 mapping between the things you sense and the signal in the nerves. And as the signal come from various parts of the body, the skin, whatever. it's pretty much easy to map "who is who" at a level where the nerves are still spread out. (Cochlear implants exploit this nicely : this signal is just a representation of the physical manifestation, and it's nicely spread along the cochlea. It's easy to find where to place each electrode for each corresponding sound frequency).

    With sight : well it's not easy. This time, the first processing happens already in the eyeball. Those nice 1-to-1 nerves are the layers of cells which connects the deep photosensors (rods and cones) with the surface neural cells (which do the processing). This surface layer of cell works as the first central nervous system processor. What goes out of the eyeball is an already processed information, like the one which climbs up the spin in other senses.
    The optical nerves itself is not a nerve technically. It connects 2 parts of central nervous system : the upper layer in the retina and the nucleus in the brain (which works as relay/gate).

    From this come several problem:
    - It's central nervous system. The connection can't regrow. Therefore the brain can't rewire itself to use the new eyeball as suggested by GP.
    - It's processed signal. What travels the nerve are not pixels, but already processed data : contrast information about the picture, global light levels, etc.
    - It's not nicely spread out. Instead it's lots of nerves wrangled together in a small area which don't 100% follow spacial representations of the pictures on the retina. (Ok, you can globally make distinction between left and right parts. but you can be precise down to each nerve fiber). It's like trying to map body regions on a cross-section of the spine it's hard to get it beyond a certain resolution.

    Therefore it's easier to imagine a connection to the optical zone of the brain (like the huge plug at the back of the cranium in Matrix).
    - You still got the "processed signal" problem (you can't just send raw pixels there)
    - But at least its a region spread over a certain surface, thus having better accessibility and easier to map than everything wrangled together in a nerve
    - And it's close to the target. There is no need for new nerves to grow, the signal is already there.

Always draw your curves, then plot your reading.

Working...