New Chip Verifies Fingerprints (fwd)
Veridicom, a spinoff of Lucent Technologies, just demoed (at CardTech/SecurTech '97) their chip that can perform fingerprint recognition/authorization. They plan on selling them for $300 each (same cost as this face recognition system Gregory's mentioned). The article doesn't say when they will be available.
http://www.sfgate.com/cgi-bin/chronicle/article.cgi?file=BU41045.DTL&directory=/chronicle/archive/1997/05/22
I am mailing this to cypherpunks and BCCing the original list because it is not nearly as open. I am putting on my cypherpunk hat here, and although this is not a general discussion list I think this warrants comment. (I would also like to see what the cypherpunks have to say.)

Eric Hughes said that "Cryptography is about economics." When I am designing a system, I weigh the cost of securing the system versus the expected loss that will be incurred if the system is not secure. The cellular phone industry decided that it would cost them more to secure their system than it would to swallow the losses. They were wrong, but I will not digress into that. The point here is clear. Security is an economic choice. It is a business decision.

Furthermore, if I decide to secure a system, I need only use enough security such that the cost to break that security is equal to the value of that which is being secured. Any additional security is a waste of money.

When I am breaking a system I will always attack the weakest link (unless I am doing this for intellectual challenge but that is not really the point here). This is obvious.

Let's take a look at a sample Biometric security system: Fingerprints are used to replace the pin codes on an ATM. I am being very general here, but there are four main pieces to this system. The banking network itself, which is DES encrypted, the ATM, the biometric system and the human being. Note the contrast with a non-biometric system, which consists of the network, the ATM, and a pin code. Biometrics pull the human into the equation.

Cracking DES would cost more than a million dollars. I can't put a value on cracking the ATM, but they are designed to be difficult to open up and most are in places where they are very visible, so the cost is very high. I have not seen anyone present a method for attacking a biometric security device. If you assume that you will have to develop one you are again talking about millions. How about "cracking" the human...

How much does a good sturdy knife cost? Less than $20. If I get mugged and the mugger wants access to my bank account all he has to do is chop off the relevant finger. Don't laugh. This *WILL* happen. Biometrics create a general economic incentive for maiming or murdering people.

I will take you one further... *When you implement a biometric system you are deciding that the value of that which is being protected is greater than the value of the lives of the people who have access to it.*

This is obvious if you look at the trade-offs. You are securing the system such that the easiest way to break it is to kill a person. Obviously this will reduce your instances of fraud, as killing a person is more messy than hacking a pin code. However, because the cost of killing someone is smaller than the value of the object being protected, there are going to be losses. You have to decide that you are capable of swallowing those losses. You have to decide that the value of the decrease in fraud over a non-biometric system is greater than that of the lives of the people who are lost when fraud does occur. This is a despicable situation, but don't think you won't see it. It is probably inevitable now.

One additional point. The possibilities for surveillance inherent in biometrics are fearsome. If I managed to compile a large database of people's names, social security numbers, and face prints, I could set up a closed circuit camera system in my store which would provide me with the name, home address, credit, and other information about every person who enters my business, AUTOMATICALLY, without the customers even being cognisant that this is going on. The marketing people will be going nutz over this possibility. I'm going to the drug store for some Pepto...

--
*/^\* Tom Cross AKA Decius 615 AKA The White Ninja */^\*
Decius@ninja.techwood.org

"If the economic, social and political conditions... do not offer a basis for the realization of individuality, while at the same time people have lost those ties which gave them security... powerful tendencies arise to escape from freedom into submission." -- Erich Fromm
On Fri, May 23, 1997 at 12:27:28AM -0400, Decius 6i5 wrote:
> Veridicom, a spinoff of Lucent Technologies, just demoed (at [...]
> If I get mugged and the mugger wants access to my bank account all he has to do is chop off the relevant finger. Don't laugh. This *WILL* happen. Biometrics create a general economic incentive for maiming or murdering people.

I'm not so sure that this is realistic. I have heard that earlier fingerprint reading cards were very sensitive to size distortion -- that is, if you swung your arm in a circle to increase the blood pressure in your hand, they would give a false reading, because the swelling in the fingers would be sufficient to throw off the recognition software -- a smart card isn't *that* smart. A problem of false negatives. If you cut off a finger the blood pressure will go to zero, and the dimensions will change quite a bit, relatively speaking.

> I will take you one further... *When you implement a biometric system you are deciding that the value of that which is being protected is greater than the value of the lives of the people who have access to it.*
> This is obvious if you look at the trade-offs. You are securing the system such that the easiest way to break it is to kill a person. Obviously this will reduce your instances of fraud, as killing a person is more messy than hacking a pin code. However, because the cost of killing someone is smaller than the value of the object being protected, there are going to be losses. You have to decide that you are capable of swallowing those losses. You have to decide that the value of the decrease in fraud over a non-biometric system is greater than that of the lives of the people who are lost when fraud does occur. This is a despicable situation, but don't think you won't see it. It is probably inevitable now.

You don't have to kill or maim someone to induce cooperation, and biometric devices can be designed to pretty much require that the subject be living. Extortion or seduction are both quite viable, and work with any security system. Biometrics don't really add anything. Your point is just as meaningful for cryptography. All strong crypto does is move the weak spot around.

Incidentally, I have heard (from a probably reliable source) that the best biometric is a retina scan -- very reliable, hard to spoof, *very* few false negatives. [False positives are real bad for any security system, of course. False negatives are why you want back up modes of access.]

--
Kent Crispin "No reason to get excited",
kent@songbird.com the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html
"D6" == Decius 6i5 <decius@ninja.techwood.org> writes:
D6> If I get mugged and the mugger wants access to my bank account
D6> all he has to do is chop off the relevant finger. Don't
D6> laugh. This *WILL* happen. Biometrics create a general
D6> economic incentive for maiming or murdering people.

Not to detract from your philosophical point, but I saw a demonstration of a similar device over six years ago which not only sampled the fingerprint pattern, but also the blood vessels beneath the skin and blood flow patterns. The intent was, obviously, to increase the difficulty level of creating a synthetic replacement, but an (incidental?) advantage is that cutting off the finger in question and presenting it without a blood supply would not work. While it is still feasible to attach artificial blood pumping mechanisms etc, it is no longer a $20 equipment budget.

D6> I will take you one further... *When you implement a biometric
D6> system you are deciding that the value of that which is being
D6> protected is greater than the value of the lives of the people
D6> who have access to it.*

Once again, this assumes that the biometric system does not require a living breathing subject to work upon. This is not necessarily a valid assumption. Whilst the simpler systems may indeed be fooled (although that is perhaps not the best term) by morbid samples, it is certainly feasible to require living tissue.

The remainder of your argument, which I shan't quote, likewise revolves around the assertion that killing someone will always gain you the access you desire. This is untrue. If you wish to push this further, you could add stress analysis features to catch people operating under coercion, and quick blood sampling to catch those drugged into placidity who would otherwise be stressed (and incidentally, any substance abuse that you might be interested in).

D6> One additional point. The possibilities for surveillance
D6> inherent in biometrics are fearsome. If I managed to compile a
D6> large database of people's names, social security numbers, and
D6> face prints; I could set up a closed circuit camera system in
D6> my store which would provide me with the name, home address,
D6> credit, and other information about every person who enters my
D6> business, AUTOMATICALLY, without the customers even being
D6> cognisant that this is going on. The marketing people will be
D6> going nutz over this possibility. I'm going to the drug store
D6> for some Pepto...

Now, this /is/ an important concern. However, there's little way around it. Authentication revolves around, in most cases, a high assurance of the identity of something. The technique of authentication is less of a concern than the possibilities of linking diverse records together into a single database - and that is a more interesting problem to try to solve.

m.
participants (3)
- decius@ninja.techwood.org
- dichro@yodel.iinet.net.au
- Kent Crispin