HomeAbout MeSecurityDCLinuxEee PCMusic3D GraphicsRobotsContact Me

Appeared to be safe
29 March 2004

Former admiration about biometric techniques seems to be fading now. It’s hard to see systems proclaimed as “the safest” to guide the access to….anything, and for sure not to critical informatics systems. Technical wash-out, too expensive toy or maybe lack of understanding?
Author: Tomasz Grabowski
Translation: Aleksandra Malak
Configuration of face and hands, texture of dermatoglyphics, the shape and color of iris, the sound of voice, characteristic features of hand writing or even the way of writing on keyboard-those are the unique features of every man. This natural uniqueness is used by biometrics- the sphere of science based on adaptation of unique man’s features in personal identification systems, and wide conception of controlled access systems. 

The possibility of identification, based on the features that can not be forged, and in the same time are being “always together”, seems to be the ultimately solution of all problems that are appearing while using conventional techniques of identification and authentication: passwords, PIN numbers, microprocessor cards, tokens and their countless combinations. So, if it’s so good, then why it’s so bad? Why, in spite of many advantages, the biometric techniques are still not commonly used? What disturbs to customize them as the users authentication standard?

Orwell still terrifies

Conventional techniques of identification permits only to prove that given person knows the password, PIN number or posses the proper card. If this person is legal user of protected resources, is a mystery. The next problem is combined with durability of “authentication factors”. In case of passwords and PIN numbers-especially when there are few or dozen of them- memory often fails. From the other hand if we consider the physical factors, for example cards-we can  consider theft or lost. In both situations access to protected resources is impossible.

Biometry is free from this defects-it identifies the person itself, moreover the fingerprint is rather hard to lose or forget.

We can find receivers of new technology in almost every domain of life. We can easily imagine the benefits flowing, for example from situation, when we don’t have to wear any documents or remember passwords, and even though we can travel all over the world, have access to our ready money and we can use a public phone because it’ll recognize our voice, and automatically debit our account with a proper amount of money. When we happen to have an accident, a proper service can easily, for example by scanning iris, get total information about our health, blood type and all necessary facts needed for a proper treatment. Identification won’t be a problem any more. Even if we injury ourselves in a finger, a public camera can enable a proper service our identification.

That’s how we got to a serious problem on the way to customize biometrical systems. Paradoxically, because main advantages of biometrics are in the same times their disadvantages. As the main problem, we can see the Orwell’s image of society totally controlled by a government. Determination of every citizens identity only with a fingerprint, and unequivocal identification by using hidden systems scanning face or iris, generate a common protest from all movements defending citizens liberty, and also they argue with our privacy.

What would of happen, if to get a bank account, we need to give our fingerprints? That awakes unequivocally bad associations, which in consequence cause reluctance for this kind of security. Moreover, why only bank should know our fingerprints? In the end, in the world dominated by biometrical devices authenticating us in every situation, a fingerprint can be used not only for access to a bank account but also to a cell phone, a car, an apartment etc.
Considering the situation in witch more institutions would have our fingerprints, this form of authentication will gradually lose it’s value. If for example somebody steals from bank this information, and then somehow create an artificial finger, matched exactly to original, he can get access not only to our money, but also to all our goods and services secured in the same way.

Consequences of discovery an effective way to deceive biometrical systems-if world would decide to relay on them-seems to be catastrophic. Fear is a major force. Without fighting it, common use of biometrical techniques wouldn’t be possible. In this case, we can only persuade, without any guarantee, that biometrics methods provides higher than existing methods, authorization level of security.

Best in their class

In all materials from producers, concerning efficiency of specific solutions in biometry, two definitions appearing: False Rejection Rates (FRR) and False Acceptance Rates (FAR). The first one - FRR – is an indicator of false rejections, which defines what percent of tested samples would be rejected, even though they are correct. For example, FRR equal 10% means that for a hundred tested persons, ten of them won’t get the authorization, even if they are legal users of the system.  FAR is an indicator of false acceptations. It determines, what percent of testes samples would be accepted, even if they are incorrect.

Biometrical branch likes to use FRR and FAR indicators. The system is less arduous for users (it doesn’t require few legalizations tests ), if FRR indicator is lesser. Whereas the system is harder to break for a burglar, when FAR indicator is lesser. In ideal conditions both indicators should be equal to zero. And usually they “are”, because they don’t consist any information about the real level of security, which is provided by a system. Result we get, depends only on the way the test is ran. For example, when we consider face recognition system, we can try to “fool “ it, by using a simple photo or else’s face. This face can be more or less similar to original. Delicately speaking, producers can freely form FRR and FAR values.

In this situation, the best way to check the real security level of biometrical systems, would be without any hesitation, a general test,  which would allow to examine specific devices in the same conditions. Unfortunately, all developments consider at most few random selections of systems. In practice, creation of reliable image of security on this base, for all cases, or maybe just for the majority biometric solutions, verge on impossibility.

Tracking the burglar

Intuition prompts, that if tests can be “strained”, there must be a way to false the biometric system. We’ll try to look at biometrical solutions the same way the burglar does.

First method is based on taking control over the database, in which biometrical indicators are stored: fingerprints or iris images of people authorized. By taking control over that base, the burglar can load his own data. Even the most efficient biometrical devices won’t be enough, if the database the device is using, is kept in a wrong way, for example, on a connected to biometrical device PC computer, with improperly protection of the operating system.

The second category of attacks considers loading incorrect data, on the way between the biometrical device and it’s database. For devices that are protecting access to PC computer, connected to it by USB connector, it would be a trial to load to USB port burglars own signal, imitating behavior of biometrical device. From technical point of view, making that attack is not really so hard to accomplish. This case can be even simpler, if the transmission  between biometrical device and it’s database is through radio waves. Lack of strong algorithm encoding communication – and the best of all when it’s separate in each OSI layer – is almost an invitation for a burglary.

Third category of attacks consist in a trial to cheat biometrical device. Burglar can cheat system, using artificially made objects, like artificial finger made from left fingerprints, or an iris photo of person authorized to use the system. As the most of attacks from first two categories can be relatively easily prevented, methods of protection against third kinds of attacks are rather not well known.

Visiting ophthalmologist

One of more interesting elaborates concerning this subject, is a document “Body Check”, authorship Lisa Thailheim, Jan Krissler and Peter-Michael Ziegler. Authors put to the test devices, which are nowadays most popular. Among systems used to recognize fingerprints you could find products from: Biocentric Solution, Cherry, Eutron, Siemens, Veridicom, Identix and IdentAlink. Also system Authenticam from Panasonic, assign for iris scanning has been tested, and the solution of authentication, based on face look FaceVACS-Logon created by Dresner Cognitec AG. The last software is using a simple internet camera connected to PC computer. Producer recommends ToUcam PCV 740K camera from Philips, that is why all tests were ran using that kind of equipment.

The authentication process is totally automatic. FaceVACS-Logon currently analyzes view from camera, and when it finds a persons face in it’s visual field, it is automatically recognized. First software tries to localize eyes of tested person, and then basing on this information, tries to define where the rest of face is. After that, selected parts of image from camera are compared with the one kept in database. If both fits together, authentication is finished successfully.

However it turns out, that images in database of FaceVACS-Logon system are kept as simple .PPM and .FVI files. They are not even encode. First trial to cheat the system consist in making a copy of those files on laptop, and then using them instead of real man’s face. It appeared, that after setting a proper distance between laptop screen and camera, system granted authorization every single time. Of course, if the data base is properly secured, gaining images used by system is much harder. So next trial was based on taking three different pictures of the person who has access to system, with a simple digital camera. Following, those pictures were shown to the system on laptop. It turned out, that system granted access to secured files after second picture…..

To prevent cheating system by using images in it’s database, company Cognitec added to FaceVACS extra function called Live-Check. After it is activated, all described trials of attack appeared to be ineffective. Unfortunately software ability to recognize real users changed considerably for the worse. Trial to cheat this system consist in making a short .AVI movie, in which, a person authorized for using system, slightly moved head left and right. After showing that movie on laptop, system again granted access to protected resources. How can we make that movie? With a camera behind a see-through mirror in a “victims” own bathroom, or record a close-up with an industrial camera. There are many possibilities.

Iris examination, for most of the people, associates with science-fiction movies. But those kind of systems are existing and functioning right here and right now. One of these systems is Authenticam by Panasonic. Simple methods of cheating the system, by using iris images shown at the laptop screen, failed. The same thing happened with a photos printed on a common paper. However more tests shown, that algorithm used during authorization process can be fooled, if we show a real human iris together with it’s printed picture.

To cheat the system, we must then print iris on a sheet of paper, cut the hole in the middle, and give this hybrid for scanning. Bingo! Of course basic challenge is to get a proper photo of iris.
 So, can we consider systems safety, if we know that it is hard to find that kind of photo? Not quite. And if someone manage to get a faithful photo of iris, for example by stealing it from ophthalmology clinic?

A finger instead of picklock

Another tested device was ID Mouse made by Siemens. This is a very popular system, used for users authentication, based on dermatoglyphics patterns. It turns out, that it is susceptible to simple swindle, like blowing on a fingerprint left on a device. During that process it was shown, how in the monitoring screen of device clearer dermatoglyphics, left on the reader, were appearing. System could be also fooled with a help of a thin foil filled with water. Effectiveness of this method appeared to be even higher than the first one.

Now Siemens is protecting his devices on a different way. System is remembering an exact position of last scanned finger. If in another trial of authentication, finger is in the same position on the reader, than it was before, system recognize it as a cheating. Method is simple and effective, and in the same time, is not a problem for users.

Sophisticated methods are still more effective. It is enough to get dermatoglyphic from different objects, and reproduce them with help of sticky tape and loose graphite. Efficiency- almost 100%! Next tested device was keyboard G83-14000 from Cherry. Because it turn out that built-in dermatoglyphic reader was build from the same components as ID Mouse from Siemens, there were no problems with burglary.

A device from Eutron Magic Secure 3100, was not that easy to fool with a thin foil filled with water, or by blowing. But when sticky tape and loose graphite were used, there were no problems with getting into protected resources. Bio-Touch USB 200 dermatoglyphic scanner from Identix, operative on different rules, was not susceptible to any of earlier attacks. But it turned out, that it can be fooled with help of a fingers copy, made for example from wax and silicone.

This “artificial finger” allowed, without any further problems, to get access to protected resources.

Good old keys

Conclusions are appearing automatically. Biometrical devices produced nowadays, do not guarantee us satisfactory safety level. Ingenous burglar is able to cheat them with such high probability, that they should be threaten rather as toys, not security systems. Not the cheapest toys we must say. Apart from producers enthusiasm, fact is still a fact: there is a long way ahead biometrical systems, to outdo from our lives passwords, PIN numbers, microprocessor cards, and a set of heavy keys.