Jump to content


Photo

Fingerprint sensors; Secure?


  • Please log in to reply
21 replies to this topic

#1 Master_Scythe

Master_Scythe

    Titan

  • Hero
  • 20,179 posts
  • Location:QLD

Posted 24 May 2017 - 01:08 PM

Just a quick one.

 

I've read lots of articles, some are from paranoid people who claim that "If you store your fingerprint, now "THEY" have it!

 

Others, seem to claim that no fingerprint is stored.

And that it is in fact a metric that looks for POINTS on a fingerprint.

These points can be used to confirm the fingerprint is the same as the stored one, but couldn't be used to reconstruct a "fake fingerprint"

 

As I am a little paranoid, I'd prefer not to have a full scan of my fingerprints anywhere that could be 'hacked' or compromised, so I'm curious.


Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#2 Jeruselem

Jeruselem

    Guru

  • Atomican
  • 14,029 posts
  • Location:Not Trump-Land

Posted 24 May 2017 - 01:28 PM

I think one has to more specific about what kind of scanner

http://www.androidau...rs-work-670934/

 

Optical, capacitive or ultrasonic.


Having trouble with A [?]OS11.1?

 

2018 FIFA World Cup Russia - Australia in but Italy, Chile, Netherlands, USA = FAIL.


#3 Rybags

Rybags

    Immortal

  • Super Hero
  • 35,058 posts

Posted 24 May 2017 - 01:39 PM

I think the bigger risk is in trusting the things to be actually secure in their locking functionality.  If you want someone's fingerprint it's not exactly hard to get it and duplicate.  Remember the Mythbusters easily cracked a commercial fingerprint activated door lock, there's not a great deal they can do to distinguish fake from real.



#4 Master_Scythe

Master_Scythe

    Titan

  • Hero
  • 20,179 posts
  • Location:QLD

Posted 24 May 2017 - 02:01 PM

I think the bigger risk is in trusting the things to be actually secure in their locking functionality.  If you want someone's fingerprint it's not exactly hard to get it and duplicate.  Remember the Mythbusters easily cracked a commercial fingerprint activated door lock, there's not a great deal they can do to distinguish fake from real.

 

Its not hard to et it if you're local.

It's not hard to get my wallet if you're local.

Local security isnt the concern.


Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#5 @~thehung

@~thehung

    Guru

  • Hero
  • 8,638 posts

Posted 24 May 2017 - 02:13 PM

i havent seen the Mythbusters ep in question, but i thought Rybags was referring to cracking a weak lock rather than spoofing a known key.


no pung intended

#6 Rybags

Rybags

    Immortal

  • Super Hero
  • 35,058 posts

Posted 24 May 2017 - 02:21 PM

It was a door lock - probably normally implemented as some sort of networked black-box system.  It was a while back though, probably 6-8 years.



#7 Master_Scythe

Master_Scythe

    Titan

  • Hero
  • 20,179 posts
  • Location:QLD

Posted 24 May 2017 - 03:14 PM

Once again, those articles brush on the topic but dont give a definitive answer.

Do phones, for example, store enough data to successfully "make my fingerprint" again?

Or do fingerprint scanners, theoretically, just lock a device down to the 0.1% of the population with "similar fingerprints"?

or is there a technique im missing?

 

Lets just say in light of WannaCry\EternalBlue, I'm a little more skeptical about what "stores your fingerprint securely" really means....


Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#8 Rybags

Rybags

    Immortal

  • Super Hero
  • 35,058 posts

Posted 24 May 2017 - 03:27 PM

https://en.wikipedia...int_recognition

 

For what it's worth.  Unclear but it seems that some systems use imaging and some use biometrics.  Biometric of course being unobtrusive similarly to a password hash.  Though I imagine that a biometric password could easily be reverse-engineered to create multiple different working "copies".  But in the sense of cloning a fingerprint, next to useless.

 

Problem is, you could probably look at the data for an image and set of biometric data and the size would likely be the same.  Imaging can be done as 1bpp to represent ridges and valleys and biometrics only really need coordinates, size, orientation etc for the features like arch, loop, swirl.



#9 Master_Scythe

Master_Scythe

    Titan

  • Hero
  • 20,179 posts
  • Location:QLD

Posted 25 May 2017 - 09:39 AM

https://en.wikipedia...int_recognition

 

For what it's worth.  Unclear but it seems that some systems use imaging and some use biometrics.  Biometric of course being unobtrusive similarly to a password hash.  Though I imagine that a biometric password could easily be reverse-engineered to create multiple different working "copies".  But in the sense of cloning a fingerprint, next to useless.

 

Problem is, you could probably look at the data for an image and set of biometric data and the size would likely be the same.  Imaging can be done as 1bpp to represent ridges and valleys and biometrics only really need coordinates, size, orientation etc for the features like arch, loop, swirl.

 

 

See I still have no grasp of what the hell all that means

I've read it, and it makes 0 sense to me.

It just keeps telling me how they map it, not what that data can be used for.

 

If I buy a new phone, and it wants my fingerprint, can people of any sort re-create my fingerprints from that data?


Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#10 Rybags

Rybags

    Immortal

  • Super Hero
  • 35,058 posts

Posted 25 May 2017 - 11:55 AM

The way I see it, if they have even some crappy 8K JPEG representing a print, it could probably be recreated to a fairly high degree of accuracy with high 90s % chance of a match to the real thing.

If they use biometrics where characteristics and relative coordinates are kept, a recreation would probably be poor value with under 80% chance of a match.



#11 Master_Scythe

Master_Scythe

    Titan

  • Hero
  • 20,179 posts
  • Location:QLD

Posted 25 May 2017 - 11:59 AM

The way I see it, if they have even some crappy 8K JPEG representing a print, it could probably be recreated to a fairly high degree of accuracy with high 90s % chance of a match to the real thing.

If they use biometrics where characteristics and relative coordinates are kept, a recreation would probably be poor value with under 80% chance of a match.

 

Thats still scarily high.

 

The sensor in question is this:

https://www.fingerpr...rdware/fpc1145/

http://biometrics.ma..._1145_flyer.pdf


Edited by Master_Scythe, 25 May 2017 - 12:00 PM.

Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#12 @~thehung

@~thehung

    Guru

  • Hero
  • 8,638 posts

Posted 25 May 2017 - 06:53 PM

Problem is, you could probably look at the data for an image and set of biometric data and the size would likely be the same.


this i doubt. i mean, not necessarily. it all depends, doesnt it?

lets say you give me a satellite pic of 10km² of terrain — colour-coded with topographical data.
 
i assess that image, and identify 6 mountains/hills (ideally, dispersed, like two from each quadrant), storing the max elevation of each, the cross-sectional area of each at a range of elevations, such that i now have a 'signature' of each individual mountain. i then include the geometric distances between each of these 6 mountains/hills to each other in my stored data.

thats vastly less data than the original image, and yet, you could throw pictures of terrain at me all day i could could probably identify the presence of that exact location with a reasonable degree of accuracy. 

 

i suppose this would be like very crude 'minutia-based' matching.  processing would be slow.  it would be hugely vulnerable to variations in the quality of source images, and the margins of error in my own metrics, and would probably fail in the case of very similar terrain -- but its easy to see how all of these factors could be constrained/eliminated by storing only slightly more data.  even something as data-heavy as storing bitmapped silhouettes of cross-sections of each mountain would pale in comparison to the original image.

 

Biometric of course being unobtrusive similarly to a password hash. Though I imagine that a biometric password could easily be reverse-engineered to create multiple different working "copies". But in the sense of cloning a fingerprint, next to useless.


yes, thats my guess too.

@Master_Sythe, in the case of my example, a person aware of my method and able to read and understand my stored data could create endless fake images to trick my terrain matching system, yes, but they would not be able to reconstruct the original terrain itself — not even close.  they would only end up with knowledge of the relative positions of 6 fake mountains of roughly the right shape in a sea of emptiness.  that information would be all but useless for fooling another terrain matching algorithm, even if the other's method was only slightly different.

 

then, if you factor in the possibilities that:-

 

a) my algorithm is unknown to a potential faker

b) i dont actually store the metric data when creating the "key" but only a hash of it

 

it would be pretty damned safe.  

 

in case this still isnt clear, if you suppose my algorithm was STUPIDLY inefficient and unoptimised, the authentication process would be one of scanning in each potential matching image into RAM, identifying every single mountail/hill in it, and then for every single possible combination of 6 of these, reducing them algorithmically to a string of metric data, and finally generating a hash on this data for comparison against the original stored hash.  at no point would any image, neither the originally scanned 'key' nor successive scans ever need to be stored in non-volatile memory.

 

---

really, i see little theoretical reason why fingerprint scanning cant be made 99.99% trustworthy at the hardware level, but yeah....i wouldnt be surprised if there are vulnerabilities in many implementations...


Edited by @~thehung, 25 May 2017 - 07:41 PM.

no pung intended

#13 Rybags

Rybags

    Immortal

  • Super Hero
  • 35,058 posts

Posted 25 May 2017 - 09:41 PM

For imaged fingerprints, all you need is 1-bit data.  The only "feature" you want is whether a particular point is part of a ridge or valley.



#14 @~thehung

@~thehung

    Guru

  • Hero
  • 8,638 posts

Posted 25 May 2017 - 10:34 PM

yeah, ultimately, i imagine that the data from any scan would at some intermediate stage be resolved to a matrix akin to an image with 1-bit colour albeit significant DPI. 

 

in any case, its possible that the stored bytes required may represent a fraction of that matrix, much in the same way that facial recognition can be performed with knowledge of unique ratios of distances between eyes, nose, etc — with little to no explicitly stored imagery.


Edited by @~thehung, 25 May 2017 - 10:35 PM.

no pung intended

#15 Jeruselem

Jeruselem

    Guru

  • Atomican
  • 14,029 posts
  • Location:Not Trump-Land

Posted 26 May 2017 - 05:30 PM

yeah, ultimately, i imagine that the data from any scan would at some intermediate stage be resolved to a matrix akin to an image with 1-bit colour albeit significant DPI. 

 

in any case, its possible that the stored bytes required may represent a fraction of that matrix, much in the same way that facial recognition can be performed with knowledge of unique ratios of distances between eyes, nose, etc — with little to no explicitly stored imagery.

 

The Samsung S8 iris scanner is fooled by a photo of the user.


Having trouble with A [?]OS11.1?

 

2018 FIFA World Cup Russia - Australia in but Italy, Chile, Netherlands, USA = FAIL.


#16 chrisg

chrisg

    Immortal

  • Super Hero
  • 34,748 posts
  • Location:Perth

Posted 27 August 2017 - 01:08 PM

:)

 

I'm not a big one for at the PC security, but my firewall does not just defend, it attacks if provoked :)

 

Still, if you have anything you don't want stolen on your computer why not chuck it onto a stick and keep it separate anyway ?

 

Finger print scanners can be a bit of a joke actually, a few years back I was sorting out a government network that was a bit of a mess and needed some files from the admins machine to restore some settings. Fortunately he's a good friend because as he told me he'd need to unlock his pc with his fingerprint I said "Really?" and pressed my finger on the scanner, not my index finger, ring finger, and swiped it sideways - PC unlocked :) Just why the files were on his machine - we had a discussion about that later :)

 

I'm sure they are better now but that is an old trick from military so-called security days :)

 

There's no way to be 100% secure but securing your network and your office or home comes close if you are just old-fashioned sensible about it :)

 

Cheers


"Specialisation is for Insects" RAH

#17 Sir_Substance

Sir_Substance

    Guru

  • Atomican
  • 15,776 posts

Posted 30 August 2017 - 04:00 AM

Biometrics are not passwords. The key attribute of a password is that it's revocable. You only have 10 fingers. If you're using fingerprints as passwords you've got 10 for your whole life, and you leave 'em everywhere, including on the screen of the phone you're using them to secure. Biometrics are usernames. They identify you, but they shouldn't be used without a password. By definition, fingerprint sensors without passwords are not secure.

 

As a general guideline, if you can chug half a bottle of vodka and pass out, and a malicious actor can log into your account/device/whatever using just your unconscious body and what's on you at the time, you don't have any security at all.


Kablez- You can only beat a brick wall with so many sticks until... you wasted all your time collecting and breaking sticks against a wall... Tantryl- Knowledge is the new power, but will never provide a stable baseload as cost effective as burning puppies. mm80x: I allege that Sir substance must be from the internet

#18 Master_Scythe

Master_Scythe

    Titan

  • Hero
  • 20,179 posts
  • Location:QLD

Posted 30 August 2017 - 09:14 AM

Yeah, but I've never worried about security from a physical on-site hacker. Thanks to Windows, I'm accustomed to "If it can be TOUCHED, it's not secure".

I'm just worried about the possibility, where if I store my fingerprint on my phone, someone else can take that fingerprint and use it to incriminate me overseas, or unlock fingerprint auth used in the future.

I don't understand enough about how it works, to feel OK with giving my phone a copy of my prints.

 

I keep googling, but I keep coming up with vague answers :*(


Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#19 SquallStrife

SquallStrife

    Really knows where his towel is

  • Atomican
  • 17,939 posts

Posted 30 August 2017 - 01:35 PM

Biometrics are not passwords. The key attribute of a password is that it's revocable. You only have 10 fingers. If you're using fingerprints as passwords you've got 10 for your whole life, and you leave 'em everywhere, including on the screen of the phone you're using them to secure. Biometrics are usernames. They identify you, but they shouldn't be used without a password. By definition, fingerprint sensors without passwords are not secure.
 
As a general guideline, if you can chug half a bottle of vodka and pass out, and a malicious actor can log into your account/device/whatever using just your unconscious body and what's on you at the time, you don't have any security at all.


In 2-Factor parlance, a fingerprint is "something you have", whereas a password is "something you know". Together, they're far stronger than either one by itself.

As for how fingerprints are stored, I have no reason to believe that they're stored differently (in principle) to a password. That is, salted, then digested by some hashing algorithm like SHA-256.

Obviously there's some background magic to account for how presenting a fingerprint is a varied process, but in principle there shouldn't be a way to reverse-engineer your fingerprint from the stored hash.

At best, the local device is compromised, and as long as hash values are salted differently in different locations (as they should be), then it'd be for all intents and purposes impossible to use the obtained digest anywhere else.
SyDjDDk.png [retro swim] | AzpUvwG.png @retroswimau | q5O6HgO.png +RetroSwim
四時半を待っています!

#20 Jeruselem

Jeruselem

    Guru

  • Atomican
  • 14,029 posts
  • Location:Not Trump-Land

Posted 31 August 2017 - 06:35 PM

Those cheap Chinese knock off phones which imitate expensive ones have fake finger print readers. All those do is detect there is a finger there and unlock the phone.

Having trouble with A [?]OS11.1?

 

2018 FIFA World Cup Russia - Australia in but Italy, Chile, Netherlands, USA = FAIL.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users