Monday, November 17, 2003

Bruce Schneier includes an email from Ton van der Putte in his latest CRYPTO-GRAM, November 15, 2003. In September 2000 van der Putte and colleague Jeroen Keuning published a paper, Biometrical Fingerprint Recognition: Don't Get Your Fingers Burnt, on the drawbacks of biometric identification, specifically verification based on fingerprints.

Van der Putte and Keuning say it is now possible to make a dummy finger that will fool a fingerprint reader in 10 to 15 minutes, with materials available at most DIY stores. They also say:

"So it is our opinion, that as long as the manufacturers of fingerprint equipment do not solve the live detection problem (i.e. detect the difference between a live finger and a dummy), biometric fingerprint sensors should not be used in combination with identity cards, or in medium to high security applications. In fact, we even believe that identity cards with fingerprint biometrics are in fact weaker than cards without it. The following two examples may illustrate this statement.

1. Suppose, because of the fingerprint check, there is no longer visual identification by an official or a controller. When the fingerprint matches with the template in the card then access is granted if it is a valid card (not on the blacklist). In that case someone whose own card is on the blacklist, can buy a valid identity card with matching dummy fingerprint (only 15 minutes work) and still get access without anyone noticing this.

2. Another example: Suppose there still is visual identification and only in case of doubt--the look-alike problem with identity cards--the fingerprint will be checked. When the photo on the identity card and the person do not really match and the official asks for fingerprint verification, most likely the positive result of the fingerprint scan will prevail. That is, the "OK" from the technical fingerprint system will remove any (legitimate) doubt.

It is our opinion that especially the combination of identity cards and biometric fingerprint sensors results in risks of which not many people are aware."

Can somebody please draw this to the attention of our own Home Secretary, who apparently threatened to resign if he didn't get his own way on the national identity card? Just keep repeating the soundbite - biometrics may be unique but they are not secret.
