FC: IEEE's Steven Cherry, Roger Clarke on biometric tech, problems

From: Declan McCullagh (declanat_private)
Date: Tue Nov 12 2002 - 22:01:27 PST

  • Next message: Declan McCullagh: "FC: Two more replies to Americans with Disabilities Act and the web"

    Previous Politech message:
    "Biometric technologies and their problems, from German magazine c't"
    Date: Mon, 11 Nov 2002 16:25:15 -0500
    To: Declan McCullagh <declanat_private>
    From: Steven Cherry <s.cherryat_private>
    Subject: Re: FC: Biometric technologies and their problems, from German
      magazine c't
    In a September article ("Who Goes There? 
    <http://www.spectrum.ieee.org/WEBONLY/resource/sep02/911e.html> I mentioned 
    the German work in my final paragraph.
    Here's the last part of the one-page piece, which gives you the set-up:
    >Older, but not wiser
    >Older ID and document systems have their own problems. Credit card theft 
    >is a perennial, and apparently growing, problem. Even smart credit cards, 
    >such as the American Express Blue card, can be hacked, as two researchers 
    >in the United Kingdom recently proved. And in New Jersey, an investigation 
    >by the Bergen County Record found that, among other things, security 
    >failings allow driver's licenses to be issued despite the presentation of 
    >inadequate identifying documents. New Jersey was home to at least four of 
    >the 11 September hijackers, two of whom reportedly had valid state 
    >driver's licenses.
    >Even with valid documents, problems arise. In recent years, the U.S. 
    >Social Security Administration routinely issued tens of thousands of 
    >Social Security numbers to noncitizens who presented insufficient or 
    >counterfeit identification.
    >Adding biometric information to driver's licenses may not be enough. 
    >Researchers at Yokohama National University in Japan have found they were 
    >able to replicate fingerprints with a cheap artificial "skin." They 
    >photographed a fingerprint left on a drinking glass, enhanced it with 
    >photo-editing software, and then used a photosensitive sheet to transfer 
    >it three-dimensionally to a sheet of copper. From there they could move 
    >the image onto a highly elastic food-based gelatin. The fingerprint was 
    >recognized by a variety of security systems about 80 percent of the time.
    >That may be more work than is really needed. A recent book by three German 
    >researchers told how they defeated a fingerprint scanning system by 
    >breathing "gently upon the sensor's surface." They reported that on the 
    >screen of the biometrically protected computer, "we were able to see the 
    >contours of an old fingerprint slowly reemerge." In all, the team tested 
    >11 biometric security systems and, by a variety of means, defeated each of 
       Steven Cherry, +1 212-419-7566
       Senior Associate Editor
       IEEE Spectrum, 3 Park Ave,  New York, NY 10016
       <s.cherryat_private>  <http://www.spectrum.ieee.org>
    Date: Fri, 8 Nov 2002 13:29:18 +1100
    To: declanat_private
    From: Roger Clarke <Roger.Clarkeat_private>
    Subject: Re: FC: Biometric technologies and their problems, from German
      magazine c't
    >From: Markus Kuhn
    >Date: Wed May 29, 2002  11:16:20 AM US/Pacific
    >Subject: c't: unsupervised biometric scanners more toys than serious 
    >security measures
    >An even more fatal blow to off-the-shelf *unsupervised* biometric
    identification products was given recently by three authors in an
    article in the well-respected German computer magazine c't:
    >   Lisa Thalheim, Jan Krissler, Peter-Michael Ziegler: Körperkontrolle --
    >   Biometrische Zugangssicherungen auf die Probe gestellt.  c't 11/2002,
    >   Heise Verlag, ISSN 0724-8679, p 114-, 17 May 2002.
    >   http://heise.de/ct/english/02/11/114/
    Valuable paper, that!
    My summary of the quality challenges to biometrics is in slides 13-20 of a 
    presentation to a Uni of Hong Kong seminar in May:
    http://www.anu.edu.au/people/Roger.Clarke/DV/BiomHKU.ppt (Achtung!  Ppt!)
    I still haven't had time to finish the paper, but the flavour is given in 
    my notes from CFP in April:
    Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/
    Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                     Tel: +61 2 6288 1472, and 6288 6916
    mailto:Roger.Clarkeat_private           http://www.xamax.com.au/
    Visiting Professor, Uni of Hong Kong, Dept of Comp Sci and Info Sys
    Visiting Fellow, Australian National University, Dept of Comp Sci
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    Recent CNET News.com articles: http://news.search.com/search?q\clan

    This archive was generated by hypermail 2b30 : Wed Nov 13 2002 - 03:38:26 PST