.comment-link {margin-left:.6em;}

Ontario Technoblog

Ontario Emperor technology blog.

This blog has been superseded by the mrontemp blog
Location: Ontario, California, United States

Sometime audio artist. Email comments on this blog to the gmail account mrontemp.

Wednesday, December 21, 2005

NexID Biometrics (or, how to get the New York Times to announce the establishment of your company)

A couple of weeks ago, articles began appearing that talked about how fingerprint reading devices can be spoofed. Here's an example:

Clarkson University Engineer Outwits High-Tech Fingerprint Fraud

By: Clarkson University
Published: Dec 10, 2005 at 07:45

...Biometrics is the science of using biological properties, such as fingerprints, an iris scan, or voice recognition, to identify individuals. And in a world of growing terrorism concerns and increasing security measures, the field of biometrics is rapidly expanding.

"Biometric systems automatically measure the unique physiological or behavioral ‘signature' of an individual, from which a decision can be made to either authenticate or determine that individual's identity," explained Stephanie C. Schuckers, an associate professor of electrical and computer engineering at Clarkson University. "Today, biometric systems are popping up everywhere – in places like hospitals, banks, even college residence halls – to authorize or deny access to medical files, financial accounts, or restricted or private areas."

"And as with any identification or security system," Schuckers adds, "biometric devices are prone to ‘spoofing' or attacks designed to defeat them."

Spoofing is the process by which individuals overcome a system through an introduction of a fake sample. "Digits from cadavers and fake fingers molded from plastic, or even something as simple as Play-Doh or gelatin, can potentially be misread as authentic," she explains. "My research addresses these deficiencies and investigates ways to design effective safeguards and vulnerability countermeasures. The goal is to make the authentication process as accurate and reliable as possible."...

"Since liveness detection is based on the recognition of physiological activities as signs of life, we hypothesized that fingerprint images from live fingers would show a specific changing moisture pattern due to perspiration but cadaver and spoof fingerprint images would not."

In live fingers, perspiration starts around the pore, and spreads along the ridges, creating a distinct signature of the process. Schuckers and her research team designed a computer algorithm that would detect this pattern when reading a fingerprint image. With the new detection system integrated into the device, less than 10 percent of the spoofed samples were able to fool the machine....

These and similar articles got a lot of airplay throughout the media, most of whom reported what had already been reported. But the New York Times added some information that I hadn't seen before (emphasis mine):

In a study, researchers at Clarkson University in Potsdam, N.Y., tested 66 fake fingers to see if they could outwit biometric devices, which identify individuals based on the physiological properties of their fingerprints or other body parts. The fake fingers went undetected more than half the time.

"Even if it comes from Play-Doh, the scanner has no way of knowing that. It is just taking a picture of an image," said Stephanie C. Schuckers, a Clarkson electrical and computer engineering professor who helped lead the research. "People in the industry are aware this is an issue."

The results, published this year in the IEEE: Transactions on Systems, Man, and Cybernetics journal, highlight a potentially huge vulnerability....

Dr. Schuckers hopes to introduce new technology that can detect pore perspiration patterns to prevent the biometric devices from being fooled. She has started a company, NexID Biometrics, to start licensing it next year.

The referenced study is as follows:

Time-series detection of perspiration as a liveness test in fingerprint devices

Parthasaradhi, S.T.V. Derakhshani, R. Hornak, L.A. Schuckers, S.A.C.
Bioscrypt, Inc., Markham, Ont., Canada

This paper appears in: Systems, Man and Cybernetics, Part C, IEEE Transactions on
Publication Date: Aug. 2005
Volume: 35 , Issue: 3
On page(s): 335 - 343
ISSN: 1094-6977
INSPEC Accession Number:8507021
Digital Object Identifier: 10.1109/TSMCC.2005.848192
Posted online: 2005-07-25 08:17:26.0

The NexID Biometrics web site is at www.nexidbiometrics.com. According to various pages on the website:

NexID Biometrics, LLC, was formed in December 2005 by four partners, Bojan Cukic, Lawrence Hornak, Michael Schuckers, and Stephanie Schuckers. Through their collaborations over eight years, the team has extensive expertise in the biometric field, in addition to being experts in related areas of computer science, electrical engineering, statistics, and biomedical engineering....

Recent reports, corroborated by research, have demonstrated that biometric devices can be spoofed by fairly straightforward means. Several methods have been suggested to make spoofing of these devices more difficult. One such method is liveness, i.e., a determination of whether or not the biometric is measured from a live source. We are developing liveness and other anti-spoofing technology which can be readily incorporated into existing commercial devices. Our approach is primarily software-based and utilizes the biometric information itself. Thus, it requires no additional hardware while maintaining system performance....

Needless to say, the blogosphere is covering this also - everything from The Sweating Guide linkorama to Engadget/The Raw Feed to Tactile Tech to The Esoteric Macrocosm to Emergent Chaos. And perhaps some of these bloggers used a laptop with a fingerprint reader. Now we have to wonder if Emergent Chaos really WAS Emergent Chaos...

P.S. For more information on sweat, see How Stuff Works.


Post a Comment

Links to this post:

Create a Link

<< Home