Re: [Clips] Engineer Outwits Fingerprint Recognition Devices with Play-Doh

[Travis H.]

A recent magazine article suggested a spoofing technique involving
wrapping one's finger with a few layers of cellophane; the latent
print on the reader apparently is visible enough to be reused in this
manner, at least with some currently-available scanners.
--
http://www.lightconsulting.com/~travis/  -- Knight of the Lambda Calculus
We already have enough fast, insecure systems. -- Schneier  Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

[Clips] Engineer Outwits Fingerprint Recognition Devices with Play-Doh

[R. A. Hettinga]

Same story, different malleable substance...

Cheers,
RAH
---
--- begin forwarded text


 Delivered-To: [EMAIL PROTECTED]
 Date: Sat, 10 Dec 2005 11:08:14 -0500
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R. A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] Engineer Outwits Fingerprint Recognition Devices with
Play-Doh
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 http://www.linuxelectrons.com/article.php/20051209175034721


  Web LinuxElectrons

 Engineer Outwits Fingerprint Recognition Devices with Play-Doh

  Friday, December 09 2005 @ 05:50 PM CST
  Contributed by: ByteEnable
 Potsdam, New York - Eyeballs, a severed hand, or fingers carried in ziplock
 bags. Back alley eye replacement surgery. These are scenarios used in
 recent blockbuster movies like Steven Spielberg's Minority Report and
 Tomorrow Never Dies to illustrate how unsavory characters in high-tech
 worlds beat sophisticated security and identification systems.

 Sound fantastic? Maybe not. Biometrics is the science of using biological
 properties, such as fingerprints, an iris scan, or voice recognition, to
 identify individuals. And in a world of growing terrorism concerns and
 increasing security measures, the field of biometrics is rapidly expanding.

  Biometric systems automatically measure the unique physiological or
 behavioral 'signature' of an individual, from which a decision can be made
 to either authenticate or determine that individual's identity, explained
 Stephanie C. Schuckers, an associate professor of electrical and computer
 engineering at Clarkson University. Today, biometric systems are popping
 up everywhere - in places like hospitals, banks, even college residence
 halls - to authorize or deny access to medical files, financial accounts,
 or restricted or private areas.

  And as with any identification or security system, Schuckers adds,
 biometric devices are prone to 'spoofing' or attacks designed to defeat
 them.

  Spoofing is the process by which individuals overcome a system through an
 introduction of a fake sample. Digits from cadavers and fake fingers
 molded from plastic, or even something as simple as Play-Doh or gelatin,
 can potentially be misread as authentic, she explains. My research
 addresses these deficiencies and investigates ways to design effective
 safeguards and vulnerability countermeasures. The goal is to make the
 authentication process as accurate and reliable as possible.

  Schuckers' biometric research is funded by the National Science Foundation
 (NSF), the Office of Homeland Security and the Department of Defense. She
 is currently assessing spoofing vulnerability in fingerprint scanners and
 designing methods to correct for these as part of a $3.1 million
 interdisciplinary research project funded through the NSF. The project,
 ITR: Biometrics: Performance, Security and Societal Impact, investigates
 the technical, legal and privacy issues raised from broader applications of
 biometric system technology in airport security, computer access, or
 immigration. It is a joint initiative among researchers from Clarkson, West
 Virginia University, Michigan State University, St. Lawrence University,
 and the University of Pittsburgh.

  Fingerprint scanning devices often use basic technology, such as an
 optical camera that take pictures of fingerprints which are then read by
 a computer. In order to assess how vulnerable the scanners are to spoofing,
 Schuckers and her research team made casts from live fingers using dental
 materials and used Play-Doh to create molds. They also assembled a
 collection of cadaver fingers.

 Clarkson University Associate Professor of Electrical and Computer
 Engineering Stephanie C. Schuckers, with imitation fingers. Simple casts
 made from a mold and material such as Play-doh, clay or gelatin can be used
 to fool most fingerprint recognition devices. Schuckers, an expert in
 biometrics, the science of using biological properties, such as
 fingerprints or voice recognition, to identify individuals, is a partner in
 a $3.1 million interdisciplinary biometrics research project funded by the
 National Science Foundation with support from the Department of Homeland
 Security.
  In the laboratory, the researchers then systematically tested more than 60
 of the faked samples. The results were a 90 percent false verification rate.

  The machines could not distinguish between a live sample and a fake one,
 Schuckers explained. Since liveness detection is based on the recognition
 of physiological activities as signs of life, we hypothesized that
 fingerprint images from live fingers would show a specific changing
 moisture pattern due to perspiration but cadaver and spoof fingerprint
 images would not.

  In live fingers, perspiration starts around the pore, and spreads along
 the ridges, creating a distinct signature of the process. Schuckers and her
 research team designed a computer algorithm that would detect this pattern
 when