UK biometric passport scheme nipped in the bud?

Quentin Campbell Q.G.Campbell at newcastle.ac.uk
Mon, 20 May 2002 08:47:51 +0100 

Further fuel to iris vs fingerprint biometrics debate. The URL below
provides further links of interest to this list. It is interesting in
the light of the suggestion that the UK Passport Service wants to
introduce passport smart cards by 2006 which would contain data on
either an iris scan or fingerprints. =20

What "biometrics" are used and to what purpose in asylum seeker ID
cards? The reference is that "Since January 31, asylum seekers in the UK
have been issued with biometric cards holding family details,
nationality, date of birth and other information".=20

Schneier and others have also commented on the work reported below.
=20
------

      * Fingerprint Scanners: 80% Defeated!

The Register site reported that a Japanese cryptographer has
demonstrated=20
how fingerprint recognition devices can be fooled using a combination of

low cunning, cheap kitchen supplies and a digital camera. Now, does this
mean you have to rip out all the devices you already implemented? No,
but you do need to keep the golden anti-hacking rule in mind: "Physical
Access=20
Is Paramount". Lock down and protect the actual physical servers that=20
host sensitive data, and make sure that workstations are behind locked=20
doors after working hours.

So, how did this smart man fool the fingerprint devices? First Tsutomu=20
Matsumoto used gelatine and a plastic mould to create a fake finger,
which=20
he found fooled fingerprint detectors four times out of five.=20

Flushed with his success, he took latent fingerprints from a glass,
which=20
he enhanced with a cyanoacrylate adhesive (super-glue fumes) and
photographed with a digital camera. Using PhotoShop, he improved the
contrast of the=20
image and printed the fingerprint onto a transparency sheet. Here comes
the clever bit.=20

Matsumoto took a photo-sensitive printed-circuit board (which can be
found=20
in many electronic hobby shops) and used the fingerprint transparency to

etch the fingerprint into the copper. From this he made a gelatine
finger=20
using the print on the PCB, using the same process as before. Again this

fooled fingerprint detectors about 80 per cent of the time. He tried
these attacks against eleven commercially available fingerprint
biometric=20
systems, and was able to reliably fool all of them. Full article at:

http://www.w2knews.com/rd/rd.cfm?id=3D020520TB-Fingerprint_Scanners


Quentin
---
PHONE: +44 191 222 8209    Computing Service, University of Newcastle
FAX:   +44 191 222 8765    Newcastle upon Tyne, United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."=20