Maker Pro
Maker Pro

Fingerprint Lock Busted!

D

David L. Jones

Jan 1, 1970
0
Rene said:
To many scripts on this page...

Why does anyone think a fingerprint system is safe ?
Because the FBI once claimed the (rolled!)
fingerprints are unique to 1 in 1E9 ? This claim has
never been proven, by the way. I once was involved :

http://www.ibrtses.com/projects/fingerprint.html

The results weren't that good, and solutions tricky.

We have a biometric fingerprint scanner ID system at our work and the
IT guys set it to take only a 6 point measurement. The system is
capable of taking up to 15 points, but they don't want to be called out
to troubleshoot it for every second person.

Dave :)
 
I

ian field

Jan 1, 1970
0
Frithiof Andreas Jensen said:
Here is a HowTo:

http://www.diva-portal.org/liu/abstract.xsql?dbid=2397

Whats really neat is that Marie Sandström used a PCB to provide the
mould for the fake fingerprints (and of course that we need wimmen in
enginerring)

Talking of PCBs, and its likely less of a problem with the relentless march
of SMD, when I used to handle a lot of PCBs my fingerprints were
unreadable! - I'd have stood less chance of gaining authorised access than
the most amateur hacker!!!
 
F

Frithiof Andreas Jensen

Jan 1, 1970
0
ian field said:
Talking of PCBs, and its likely less of a problem with the relentless
march of SMD, when I used to handle a lot of PCBs my fingerprints were
unreadable! - I'd have stood less chance of gaining authorised access than
the most amateur hacker!!!

Heh: My only real job today was to update the fault database with the
solution to a problem and a few patches.
My password had expired (does every 30 days for "security reasons" i.e. job
security at IT "services").
Asked for new password, got it after a few hours, it did not work so
re-raise the error but by then Bombay has gone home!
Oh well, tomorrow is a new day and I will bring a book!

Love that Outsourcing; I feel more productive every day - by comparison that
is!
 
M

Mike

Jan 1, 1970
0
Rene Tschaggelar said:
To many scripts on this page...

Why does anyone think a fingerprint system is safe ?
Because the FBI once claimed the (rolled!)
fingerprints are unique to 1 in 1E9 ? This claim has
never been proven, by the way.

You're off by a few orders of magnitude, Rene. 88 orders, in fact. The FBI
claims 1 in 1E97.

Isn't that amazing? What's even more amazing, though, it that they think
they _have_ proven it.

http://www.newscientist.com/article.ns?id=dn4611
Epstein, Robert, "Fingerprints Meet Daubert: The Myth of Fingerprint Science
is Revealed," So. Cal. Law Review, vol 75:605, 2002, p.630.

If your original number, 1 in 1E9, was correct, then (extending the birthday
paradox to 1E9 possible birthdays) in any city of 38,000 people, the odds
are greater than 50% that two people would have identical fingerprints. It
doesn't exactly inspire confidence in the system, does it?

-- Mike --
 
H

Homer J Simpson

Jan 1, 1970
0
You're off by a few orders of magnitude, Rene. 88 orders, in fact. The FBI
claims 1 in 1E97.

IIRC, that's greater than the number of particles in the universe. Doubt it.
















....
 
R

Rene Tschaggelar

Jan 1, 1970
0
Mike said:
You're off by a few orders of magnitude, Rene. 88 orders, in fact. The FBI
claims 1 in 1E97.

Isn't that amazing? What's even more amazing, though, it that they think
they _have_ proven it.

http://www.newscientist.com/article.ns?id=dn4611
Epstein, Robert, "Fingerprints Meet Daubert: The Myth of Fingerprint Science
is Revealed," So. Cal. Law Review, vol 75:605, 2002, p.630.

Got to read it yet.
If your original number, 1 in 1E9, was correct, then (extending the birthday
paradox to 1E9 possible birthdays) in any city of 38,000 people, the odds
are greater than 50% that two people would have identical fingerprints. It
doesn't exactly inspire confidence in the system, does it?


But still much better than a simple signature.
Or could you keep 40k people apart by just looking
at them ?

Rene
 
R

Rene Tschaggelar

Jan 1, 1970
0
If your original number, 1 in 1E9, was correct, then (extending the birthday
paradox to 1E9 possible birthdays) in any city of 38,000 people, the odds
are greater than 50% that two people would have identical fingerprints. It
doesn't exactly inspire confidence in the system, does it?

The last time I was involved, we would have been thrilled
to even be be able to verify 1e6 FAR @ 1e2 FRR or so.
It looks far simpler than it really is hands on.

Rene
 
M

Mike

Jan 1, 1970
0
Rene Tschaggelar said:
The last time I was involved, we would have been thrilled
to even be be able to verify 1e6 FAR @ 1e2 FRR or so.
It looks far simpler than it really is hands on.

I agree, Rene. I'm not a fingerprint expert, but a brief review of the
fingerprint literature is devoid of the keywords I thought I would find.
There's no mention of noise, distance, noise enhancement, error rate, or
anything else that a communication engineer would expect to see. I was truly
amazed to see that the fingerprint community believes that the error rate of
the fingerprint identification process is zero.

Latent prints are often highly filtered to "enhance" the high frequency
components so an identification can be made. Even though that should lead to
errors, the fingerprint community seems to be completely ignorant of the
effects of high pass filtering on noise.

-- Mike --
 
R

Rene Tschaggelar

Jan 1, 1970
0
Mike said:
I agree, Rene. I'm not a fingerprint expert, but a brief review of the
fingerprint literature is devoid of the keywords I thought I would find.
There's no mention of noise, distance, noise enhancement, error rate, or
anything else that a communication engineer would expect to see. I was truly
amazed to see that the fingerprint community believes that the error rate of
the fingerprint identification process is zero.

Latent prints are often highly filtered to "enhance" the high frequency
components so an identification can be made. Even though that should lead to
errors, the fingerprint community seems to be completely ignorant of the
effects of high pass filtering on noise.

-- Mike --
Mike,
there are basically two communities. One is the law
& law enforcement community and to them a fingerprint is
error free, and their view is little to not opposed.
And then there is there is the community of automated
fingerprint authentication devices. They have numbers
such as false acceptance ratio, false rejection ratio
traded against each other. They are very catious to
sell the technology. Imagine your bank's automated
teller card is enhanced with your finger print. You're
on the way to the opera with your beloved and just need
some spare cash. The machine cannot match you finger
print for whatever reason, you're not going to the
opera an the evening is spoilt. That makes a lengthy
call to the bank the next business day. So if every
thousendth withdrawal fails, that would make another
5 storey call center. You may grasp some sense for
reality in this community then.

Rene
 
R

Richard Crowley

Jan 1, 1970
0
"Rene Tschaggelar" wrote ...
there are basically two communities. One is the law
& law enforcement community and to them a fingerprint is
error free, and their view is little to not opposed.

And the "match" results (whether manual or automatic)
are examined in detail by humans. At the very least by
the defense attorney (or their experts) if not also by the
prosecution expert(s).
And then there is there is the community of automated
fingerprint authentication devices. They have numbers
such as false acceptance ratio, false rejection ratio
traded against each other.

Where it is expected to run (instananeously) on inexpensive,
mass-produced hardware with some reasonable accuracy.
In the opinion of people who need serious security, the
technolgoy ain't there yet.
 
Top