www.nettime.org
Nettime mailing list archives

RE: [Nettime-nl] Biometrics not so safe
Leon Kuunders on Thu, 23 May 2002 15:42:01 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

RE: [Nettime-nl] Biometrics not so safe


Deze informatie werd door Bruce Schneier in z'n laatste cryptogram ook
gegeven. Verder moet worden aangetekend dat al langer bekend is dat veel
z.g. veilige oplossingen bij nader inzien helemaal niet veilig blijken te
zijn. En alhoewel men natuurlijk wel kan zeggendat 100% veiligheid niet
bestaat, komen we wel op het punt dat men steeds meer 'waarde' gaat hecten
aan dit soort technieken.

Het door het Rathenau instituut georganiseerde seminar in januari gaf ook al
een ontnuchterende kijk op ontwikkelingen (beter, stilstand) rondom facial
recognition software. Slechte en onbetrouwbare resultaten zijn aan de orde
van de dag.

M'n moeder verzuchtte vroeger al "waar gaat dat heen?"

Leon

"De nationale identiteitskaart - goed of slecht?"
http://www.moonfather.com/weblog/nlarchives/000362.html

> -----Original Message-----
> From: nettime-nl-admin {AT} nettime.org
> [mailto:nettime-nl-admin {AT} nettime.org]On Behalf Of felipe rodriquez
> Sent: 23 May 2002 15:05
> To: nettime-nl {AT} nettime.org
> Subject: [Nettime-nl] Biometrics not so safe
>
>
>
>
>
> http://staging.infoworld.com/articles/hn/xml/02/05/16/020516hngums.xml?T
> emplate=/storypages/printfriendly.html
>
> May 16, 2002 12:53 PM
>
> Japanese researcher gums up biometrics scanners
> By Sam Costello
>
> A JAPANESE RESEARCHER has demonstrated that some biometric fingerprint
> readers can often be fooled into granting access to unauthorized users
> with a few dollars of household supplies and a little ingenuity.
>
> The discovery was disclosed on May 14 in a presentation given by Tsutomu
> Matsumoto -- who is affiliated with the Graduate School on Environment
> and Information Sciences at Yokohama National University in Japan -- at
> the ITU-T Workshop on Security being held in Seoul, South Korea.
> Matsumoto posted his presentation online but news of the discovery was
> spread most widely through the new issue of security guru Bruce
> Schneier's Crypto-Gram e-mail newsletter, which was released Wednesday.
>
> "The results are enough to scrap the systems completely, and to send the
> various fingerprint biometric companies packing. Impressive is an
> understatement," Schneier wrote.
>
> The data seems to contradict the claims of companies that sell biometric
> authentication systems. They have said biometrics are among the
> hardest-to-crack security methods since they rely on the unique physical
> characteristics of their users. Matsumoto, however, was able to gain
> unauthorized access with two relatively simple techniques, according to
> Schneier's report on the tests.
>
> Matsumoto performed his experiments on 11 different biometric
> fingerprint scanners using a fake finger molded out of gelatin.
> Matsumoto made a plastic mold of a real finger, and then created the
> false finger by injecting gelatin into the mold. The gelatin finger was
> able to gain unauthorized access through the 11 fingerprint scanners
> about 80 percent of the time, according to Schneier.
>
> Matsumoto then attempted a more complicated experiment in which he drew
> latent fingerprints from a piece of glass and attempted to add those
> prints to the gelatin finger, Schneier wrote. After lifting the
> fingerprint from the glass, he enhanced it, photographed it and tweaked
> it in Adobe Systems' Photoshop, he said. Matsumoto then printed the
> fingerprint onto a transparency sheet and had it etched into a
> photosensitive circuit board. The print on the circuit board was then
> applied to the gelatin finger. This technique also allowed access about
> 80 percent of the time, Schneier wrote.
>
> "If he could do this, then any semi-professional can almost certainly do
> much, much more," Schneier wrote.
>
> "All the fingerprint companies have claimed for years that this kind of
> thing is impossible. When they read Matsumoto's results, they're going
> to claim that they don't really work, or that they don't apply to them,
> or that they've fixed the problem," Schneier wrote. "Think twice before
> believing them."
>
> Matsumoto's presentation is available online at
> http://www.itu.int/itudoc/itu-t/workshop/security/present/s5p4.pdf
>
>
> ______________________________________________________
> * Verspreid via nettime-nl. Commercieel gebruik niet
> * toegestaan zonder toestemming. <nettime-nl> is een
> * open en ongemodereerde mailinglist over net-kritiek.
> * Meer info, archief & anderstalige edities:
> * http://www.nettime.org/.
> * Contact: Menno Grootveld (rabotnik {AT} xs4all.nl).
>

______________________________________________________
* Verspreid via nettime-nl. Commercieel gebruik niet
* toegestaan zonder toestemming. <nettime-nl> is een
* open en ongemodereerde mailinglist over net-kritiek.
* Meer info, archief & anderstalige edities:
* http://www.nettime.org/.
* Contact: Menno Grootveld (rabotnik {AT} xs4all.nl).