Fingerprint charade

I got a new Toshiba Portege a few weeks ago, the first machine I've owned that came with a fingerprint sensor.   At first the system seemed to have been designed in a sensible way.  The fingerprint template is encrypted and stays local.  It is never released or stored in a remote database.  I decided to try it out – to experience what it “felt like”.

A couple of days later, I was at a conference and on stage under pretty bright lights.  Glancing down at my shiny new computer, I saw what looked unmistakably like a fingerprint on my laptop's right mouse button.  Then it occurred to me that the fingerprint sensor was only a quarter of an inch from what seemed to be a perfect image of my fingerprint.  How secure is that?

A while later I ran into Dale Olds from Novell.  Since Dale's an amazing photographer, I asked if he would photograph the laptop to see if the fingerprint was actually usable.  Within a few seconds he took the picture above. 

When Dale actually sent me the photo, he said,

I have attached a slightly edited version of the photo that showed your fingerprint most clearly. In fact, it is so clear I am wondering whether you want to publish it. The original photos were in Olympus raw format. Please let me know if this version works for you.

Eee Gads.  I opened up the photo in Paint and saw something along these lines:

The gold blotch wasn't actually there.  I added it as a kind of fig-leaf before posting it here, since it covers the very clearest part of the fingerprint. 

The net of all of this was to drive home, yet again, just how silly it is to use a “public” secret as a proof of identity.  The fact that I can somehow “demonstrate knowledge” of a given fingerprint means nothing.  Identification is only possible by physically verifying that my finger embodies the fingerprint.  Without physical verification, what kind of a lock does the fingerprint reader provide?  A lock which conveniently offers every thief the key.

At first my mind boggled at the fact that Toshiba would supply mouse buttons that were such excellent fingerprint collection devices.  But then I realized that even if the fingerprint weren't conveniently stored on the mouse button, it would be easy to find it somewhere on the laptop's surface.

It hit me that in the age of digital photography, a properly motivated photographer could probably find fingerprints on all kinds of surfaces, and capture them as expertly as Dale did.  I realized it was no longer necessary to use special powder or inks or tape or whatever.  Fingerprints have become a thing of “sousveillance”.

Published by Kim Cameron

Work on identity.

3 thoughts on “Fingerprint charade”

  1. I guess you are ‘spot on’ when you say that a fingerprint can be used to identify someone. It is the fact that it is used for authentication that we should be worried about.

  2. Yes. It's important to be more precise, so I've changed my post so instead of saying, “use a “public” secret to identify someone” it now says “use a “public” secret as a proof of identity”.
    In other words, it isn't possession of the secret that is the proof, it is possession of the finger. Thanks

  3. Also, if there is no indirection between the fingerprint and the final authentication, there is no way to ‘revoke’ it and replace it in the event that it is compromised. In these systems, once your fingerprint has been compromised and the template published, ‘your’ fingerprint becomes useless as a means of authenticating you. Good thing you modified your fingerprint. 🙂 So an intermediary layer is even required for biometrics, and once you start to ponder that, the value of biometrics drops further. For example, a smart card that is resistant to brute force PIN attacks (essentially all of them) is just as secure as one that uses biometrics.
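
The post's point (a fingerprint is a “public” secret, so demonstrating it proves nothing) and the third comment's point (without an intermediary layer there is nothing to revoke) can be shown side by side in code. The following is an added example, not code from Kim Cameron's post, its comments, or Toshiba's fingerprint software. The fingerprint templates, the “photo copy” (deliberately the same bytes, since the premise is that the print is reproducible), the relying service and the HMAC challenge-response credential are all constructed stand-ins; the shape of the indirection is what matters, not the particular primitives.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for the sensor's feature data. The photo copy is the same
# bytes: the post's premise is that a reproduced print presents exactly what the
# owner's finger presents, so no template check below can tell them apart.
OWNER_TEMPLATE = b"ridge-pattern-of-owner-right-index"
PHOTO_COPY = bytes(OWNER_TEMPLATE)


def template_digest(template):
    return hashlib.sha256(template).digest()


class DirectBiometricService:
    """Design 1: the service checks the fingerprint itself, the 'public secret'."""

    def __init__(self):
        self.templates = {}

    def enroll(self, user, template):
        self.templates[user] = template_digest(template)

    def authenticate(self, user, presented):
        stored = self.templates.get(user)
        return stored is not None and hmac.compare_digest(stored, template_digest(presented))


class IndirectService:
    """Design 2: the service never sees the fingerprint. It holds a per-device
    credential key, verifies a challenge-response, and can revoke that key."""

    def __init__(self):
        self.keys = {}     # (user, cred_id) -> credential key
        self.pending = {}  # (user, cred_id) -> outstanding nonce

    def register_credential(self, user):
        cred_id, key = secrets.token_hex(4), secrets.token_bytes(32)
        self.keys[(user, cred_id)] = key
        return cred_id, key

    def revoke(self, user, cred_id):
        self.keys.pop((user, cred_id), None)
        self.pending.pop((user, cred_id), None)

    def challenge(self, user, cred_id):
        self.pending[(user, cred_id)] = nonce = secrets.token_bytes(16)
        return nonce

    def verify(self, user, cred_id, response):
        key = self.keys.get((user, cred_id))
        nonce = self.pending.pop((user, cred_id), None)  # each nonce is single-use
        if key is None or nonce is None:
            return False
        return hmac.compare_digest(hmac.new(key, nonce, hashlib.sha256).digest(), response)


class Laptop:
    """The device: the template stays local and only gates use of the credential key."""

    def __init__(self, template, service=None, user=None):
        self.local_template = template_digest(template)
        # Enrolling with the service issues this device its own revocable credential.
        self.cred_id, self.key = service.register_credential(user) if service else (None, None)

    def login(self, service, user, presented):
        if not hmac.compare_digest(self.local_template, template_digest(presented)):
            return False  # sensor rejects the finger
        if self.key is None:
            return False  # this device was never enrolled, so it has no credential
        nonce = service.challenge(user, self.cred_id)
        return service.verify(user, self.cred_id, hmac.new(self.key, nonce, hashlib.sha256).digest())


def run_scenarios():
    """One boolean per scenario, each phrased so that True is the expected outcome."""
    r = {}
    direct = DirectBiometricService()
    direct.enroll("owner", OWNER_TEMPLATE)
    r["direct_copy_accepted"] = direct.authenticate("owner", PHOTO_COPY)
    # The only 'revocation' here is delete and re-enroll, but the owner still has
    # the same finger, so the replacement template equals the compromised one.
    del direct.templates["owner"]
    direct.enroll("owner", OWNER_TEMPLATE)
    r["direct_copy_still_accepted_after_reenroll"] = direct.authenticate("owner", PHOTO_COPY)

    service = IndirectService()
    laptop = Laptop(OWNER_TEMPLATE, service, "owner")
    r["indirect_owner_accepted"] = laptop.login(service, "owner", OWNER_TEMPLATE)
    # A copied print on a device that was never enrolled gets nothing from the service.
    r["indirect_copy_without_credential_rejected"] = not Laptop(OWNER_TEMPLATE).login(service, "owner", PHOTO_COPY)
    # The post's lock with the key attached: copied print plus the device still works...
    r["indirect_copy_plus_device_before_revoke"] = laptop.login(service, "owner", PHOTO_COPY)
    # ...until the credential (not the finger) is revoked.
    service.revoke("owner", laptop.cred_id)
    r["indirect_revoked_device_rejected"] = not laptop.login(service, "owner", PHOTO_COPY)
    # Same finger, new device, new credential: the owner is back without a new finger.
    replacement = Laptop(OWNER_TEMPLATE, service, "owner")
    r["indirect_same_finger_new_credential_accepted"] = replacement.login(service, "owner", OWNER_TEMPLATE)
    return r
```

Running `run_scenarios()` shows the asymmetry the comment describes: in the direct design the copied print is accepted before and after the only “revocation” the design allows, because the finger cannot be rotated; in the indirect design the fingerprint still acts as the local lock (the stolen laptop plus the copied print works until the credential is revoked), but what the service trusts is the device credential, which can be revoked and re-issued while the finger stays the same.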