Security Review: Fingerprint Scanners

By devynp at 10:42 pm on January 29, 2009 | 4 Comments

Fingerprint identification is the oldest biometric method. Everybody has a set of unique fingerprints, formed by the ridges and valleys on the skin. Fingerprints have been used in many fields, such as crime scene investigation and criminal databases, to identify people. In terms of technology, biometrics are used as an authentication method, alone or in combination with other techniques, such as a password or another biometric form.

A fingerprint scanner collects prints and creates images that can then be analyzed and compared to images already on record. Optical and capacitance scanners are the two major types on the market for collecting and analyzing fingerprints. An optical scanner works like a digital camera: it collects data on the light reflected off of one’s fingerprints. The lightness or darkness of the reflection is created by the ridges and valleys on the skin. A capacitance scanner also creates an image of one’s print; however, it uses electrical current and conductivity to mark the light and dark areas of the print.

After collecting an image, a fingerprint scanner system compares specific features of the print (the minutiae), such as the angle of a certain ridge or valley, the location of circles, etc. To get a match, the system doesn’t need to find every pattern in both the sample and the record; it just needs enough matches, and the threshold varies.

GOALS/ASSETS

  • Things you’re trying to protect with your fingerprint. When someone employs fingerprint biometrics as a way to protect or restrict access, whatever the biometrics are used on is an asset. Although scanners are quite cheap these days and come with most tech products (such as laptops), the technology is still not widely implemented.
  • Your identity. Since your own fingerprints are unique, using them as an authentication method means that your unique identity is exposed and at risk.
  • The record of prints, which is very similar to the previous point. Since sample prints are compared to record prints to provide authentication, this database is very valuable as well. We do not want people to tamper with this record set by adding, deleting, or modifying existing prints, because then authorization is flawed and would fail (or falsely succeed, depending on how you see it).

ADVERSARIES AND THREATS

  • People who are trying to steal the stuff you’re protecting with your fingerprints. If it’s important enough to use biometrics as a means of authentication, then someone will want to get a hold of it, whether it’s your embarrassing childhood pictures or national security documents.
  • Identity thieves. Electronic files that store fingerprint data are vulnerable to data theft, just like passwords stored in a database. The security of protected information might be compromised if fingerprint data is stolen. A fingerprint is “something you are” and uniquely yours. As biometrics become a norm in authentication and protection, it becomes more valuable to these folks to get a hold of your prints to be “you,” because it may grant them access to much more private data.
  • An additional threat is the non-visible mark that human fingers leave on the scanner they touch. This can easily be made visible and stolen using some special tapes.

WEAKNESSES

  • To be considered a match, only a certain number of features need to be present in both the sample and the record. This threshold could be arbitrary. Assuming that this threshold of matches could be changed, adversaries could alter it, either making it so unreasonably high that even the prints’ owner couldn’t authenticate, or making it so low that everyone can be authenticated with any prints.
  • Inaccuracy of the scanners. Even though everybody has a unique set of fingerprints, the replication (aka the prints) could vary by angle, size, smear, etc. Assuming that the record prints are collected via the same medium (the same type of scanner) into the database, there are a couple of areas where this inaccuracy could occur: a) during record collection, meaning when the prints enter the database the first time, and b) during sample collection, at the time when someone requests authentication with a fingerprint. Also, since only a certain number of features need to be matched, adversaries rely on the inaccuracy of the scanner/prints and on this threshold to fake authentication.
  • Fingerprints cannot be replaced. Once a fingerprint is compromised, there is no way to create another one (unless you count your other 19 digits). Other forms of authentication allow changes and replacement once compromised. We only have 10 fingers (and 10 toes). After that, you’re kinda out of ideas.
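The threshold behaviour described in the introduction and in the first weakness above can be seen in a small matcher. This is an added example, not part of the original review; the minutiae coordinates, the tolerances and the assumption that prints are already aligned are all constructed for illustration.

```python
import math

# Constructed sample data: each minutia is (x, y, ridge angle in degrees).
ENROLLED = [(10, 12, 30), (25, 40, 95), (33, 18, 150), (47, 52, 210),
            (58, 30, 275), (62, 61, 320), (71, 15, 45), (80, 44, 120)]
# Same finger rescanned: small shifts, two minutiae lost to smearing.
GENUINE = [(11, 13, 33), (24, 41, 92), (34, 17, 155), (48, 50, 205),
           (57, 31, 280), (63, 60, 318)]
# A different finger that happens to share a few features with the record.
IMPOSTOR = [(10, 13, 28), (26, 39, 99), (40, 70, 10), (55, 5, 190),
            (90, 90, 250), (15, 60, 300), (70, 16, 50), (5, 80, 130)]


def angle_diff(a, b):
    """Smallest difference between two angles, handling wrap-around at 360."""
    d = abs(a - b) % 360
    return min(d, 360 - d)


def count_matches(sample, record, dist_tol=3.0, angle_tol=10.0):
    """Greedy one-to-one pairing of sample minutiae with record minutiae.

    Assumes both prints are already aligned; the tolerances are assumed
    values that absorb scanner inaccuracy (angle, smear, small shifts).
    """
    used = set()
    matched = 0
    for sx, sy, sa in sample:
        for i, (rx, ry, ra) in enumerate(record):
            if i in used:
                continue
            close = math.hypot(sx - rx, sy - ry) <= dist_tol
            if close and angle_diff(sa, ra) <= angle_tol:
                used.add(i)
                matched += 1
                break
    return matched


def sweep(thresholds):
    """For each threshold, report (owner accepted, impostor accepted)."""
    g = count_matches(GENUINE, ENROLLED)
    i = count_matches(IMPOSTOR, ENROLLED)
    return {t: (g >= t, i >= t) for t in thresholds}


if __name__ == "__main__":
    for t, (owner, impostor) in sweep([2, 5, 8]).items():
        print(f"threshold={t}: owner={owner} impostor={impostor}")
```

With this data, a threshold of 2 accepts both prints, 5 accepts only the owner, and 8 locks the owner out, which is why the threshold setting itself needs protecting.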

DEFENSES

  • Use biometrics in combination with other types of authentication. Although fingerprints are unique, as we have explored earlier, they have plenty of weaknesses. To make up for that, we could employ defense in breadth by using fingerprints as part of a broader and more elaborate authentication scheme, together with a password or secret question, or the more extreme DNA sample.
  • Secure scanner setting. As mentioned above, assuming that the number of features needed for a match could change, protecting that setting is also very important. Limiting who can change it and how it can be changed would be a great way to prevent unauthorized changes. The setting itself needs to be protected.
  • Fingerprint scanners should be able to test whether the finger is a real finger and not an imitation of a human finger (e.g., tape or a mold).
  • Have some form of encryption of the fingerprints so people cannot be identified. The encryption result should be random and should not form into other existing fingerprints.
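One way to protect the match threshold named in the "Secure scanner setting" item, shown as an added example that is not part of the original review: the settings are sealed with an HMAC under an administrator key, and the loader rejects both unsealed edits and out-of-range values. The key, the setting name `match_threshold` and the allowed range are assumptions made for this example.

```python
import hashlib
import hmac
import json

# Constructed key for the example only; a real one belongs in an
# OS-protected or hardware-backed key store, not in source code.
ADMIN_KEY = b"example-admin-key-not-for-production"

# Assumed policy bounds: even a holder of the key cannot set the threshold
# low enough to accept any print or high enough to lock every owner out.
MIN_THRESHOLD, MAX_THRESHOLD = 4, 7


def seal_settings(settings, key):
    """Serialize the settings and attach an HMAC-SHA256 tag."""
    blob = json.dumps(settings, sort_keys=True)
    tag = hmac.new(key, blob.encode(), hashlib.sha256).hexdigest()
    return {"settings": blob, "tag": tag}


def load_settings(sealed, key):
    """Return the settings only if the tag verifies and the value is sane."""
    blob = sealed["settings"]
    expected = hmac.new(key, blob.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        raise ValueError("settings were modified without the admin key")
    settings = json.loads(blob)
    threshold = settings.get("match_threshold")
    if not isinstance(threshold, int) or isinstance(threshold, bool):
        raise ValueError("match_threshold must be an integer")
    if not MIN_THRESHOLD <= threshold <= MAX_THRESHOLD:
        raise ValueError("match_threshold outside the allowed range")
    return settings


def check(sealed, key=ADMIN_KEY):
    """Return 'ok' or the reason the sealed settings were rejected."""
    try:
        load_settings(sealed, key)
        return "ok"
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    good = seal_settings({"match_threshold": 5}, ADMIN_KEY)
    edited = dict(good, settings=good["settings"].replace("5", "1"))
    too_low = seal_settings({"match_threshold": 1}, ADMIN_KEY)
    for name, sealed in [("good", good), ("edited", edited), ("too_low", too_low)]:
        print(name, "->", check(sealed))
```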

EVALUATION

We have only touched on a small set of the assets, weaknesses and adversaries that are associated with fingerprint scanners and authentication. This technology is fairly new and has not yet been widely adopted for authentication, mainly because it’s still in a stage of trial and of getting approval as a method. What makes biometrics different from all other types of authentication is that it is considered “what we are.” To make it work, users must invest a personal asset (in this case their unique fingerprint) into the system, and thus risk exposing it to the world if it is not properly secured. This puts users in a position where protecting their prints becomes another item on the list, since prints are left wherever users touch. In a more extreme case, users might lose a finger or two, or even a whole hand, if adversaries need the fingerprints to gain access. Also, unlike passwords, fingerprints cannot be replaced. This limits how long fingerprints could be used.

CONCLUSION

A fingerprint scanner is an excellent means of identification. Instead of memorizing passwords, people can use something unique to themselves to protect their assets. But these devices may increase vulnerability to security attacks, and once a fingerprint gets into the wrong hands, it is really hard to replace it. So for now, it is better if we don’t have everything we own protected by a fingerprint scanner. Fingerprint scanners cannot be thought of as password replacements. Rather, they can be considered an additional security item that helps improve security. We are hoping that as technology improves, fingerprint scanners will become more reliable and can be an integral part of human life.

Xia (My) Cam & Devy Pranowo


4 Comments

  • 1

    Comment by ando

    January 30, 2009 @ 12:22 am

    I like the idea of adding a biometric scanner as an addition to security and not the entire wall of defense. Having multiple “check points” for your system is a great way to increase security. We talked about this article in class and your post reminded me of it. I think most people don’t think of the risk of losing a finger when they have a biometric reader protecting their assets. The driver of this car now has no car and even worse, (in my opinion) no finger. In many situations it might be better to have a standard password that you can give a thief threatening your finger instead of your body part. The same goes for other biometric reader required body parts like eyeballs. So now, before I use a biometric reader I might stop to think if what I am securing is worth my finger.

  • 2

    Comment by jonfung

    January 30, 2009 @ 5:48 am

    Oftentimes fingerprint readers are in fact not very secure at all. Cheap fingerprint readers are notoriously flaky, and some expensive ones are pretty poor too. There was actually a Mythbusters episode on this. Since most of my exposure to fingerprint readers is on my laptops, I’ll talk mostly about those. The fingerprint readers on laptops and computers are also not very reliable. Usually, they operate as an alternative to a password. You get the choice to enter your password, or swipe your finger to have it essentially enter your password in for you. It does this by asking for your password when you set up the software. This in fact lowers your security as it does nothing but route security through password mechanisms and introduces another link which an attacker could exploit. Coupled with the fact that some of these fingerprint readers can be fooled quite easily, I think the increasing use of fingerprint readers in consumer electronics could actually be decreasing security. Biometric authentication needs to be designed from the ground up to secure things; it can’t be some device that you can just tack on to Windows and use to enter passwords for you (which is the way it’s going right now). An attacker can just circumvent these by accessing the hard drive directly, or using something like ntpassword to simply overwrite a user password on Windows and bypass the biometrics entirely.

  • 3

    Comment by dravir

    January 30, 2009 @ 3:40 pm

    On this topic and following from the previous comment, I think it is an unfortunate thing that some devices that are a device for convenience are marketed as a device for security. Laptop fingerprint scanners are a good example of this. It is not a second layer of security, but rather is just an easy/quick/flashy way to access the same level of security as before, namely entering a password. And as is true of most cryptographic systems, an increase in convenience results in a decrease of security. That’s not to say that such devices are bad – I use the fingerprint scanner on my laptop, but recognize that it is just an alternate method of accessing the same security as I would have without it (and, as was noted, introduces another link in the chain that may have attacks the other links don’t). However, the general public does not know the technical details of implementation of such devices. There are surely other examples of this, and I think it should be incumbent on producers of such devices to clearly distinguish those that are actually security devices (increase security as opposed to not having it) and those that are convenience devices that don’t affect, or possibly decrease, security.

  • 4

    Comment by stasis

    January 30, 2009 @ 6:53 pm

    This review also highlights a broader topic which exists across the field of security. For any system or good which is secured behind a key, there suddenly need to be security systems for the key itself. The level of this key security is dependent upon the value of the things it protects. This is because, in effect, when you protect goods with a key, the value of the goods is being transferred onto the key. Said another way, your key is only worth as much as what it protects.

    This is an interesting concept because it can help shed light on the problems with fingerprint biometrics. Because biometrics are viewed as being a superior form of security, they are currently being used to protect things of a lot of value. This means that, all of a sudden, your fingerprints are worth a whole lot more than they were before. The problem with this is that there is no system in place to deal with the concept of fingerprints being valuable. If the key were instead a password, well-tested, relatively-secure systems could be used to protect this key. But instead, you are suddenly placing a lot of value on a key which you happen to scrawl across every glass, doorknob, and table you touch. There is no easy way to “encrypt” your fingerprint when you are not using it. Until society has shifted to where everyone wears gloves 24/7, I believe the security of a fingerprint is inferior to that of a password for most uses.
