Data Sharing Review

Ian Batten ukcrypto at chiark.greenend.org.uk
Sat, 19 Jul 2008 08:33:10 +0100


On 19 Jul 2008, at 01:42, Peter Fairbrother wrote:

> Ian Batten wrote:
>> On 18 Jul 2008, at 22:59, Peter Fairbrother wrote:
>>> Michael Simpson wrote:
>>>
>>>> How, by giving them their finger or eye. I believe that there are
>>>> fingerprint devices with pulse oximeters built in to stop this.
>>>
>>> unless eg you use a "jelly-baby" fake fingerprint over a live  
>>> finger. Or a dead finger fed with the right pulses.
>> There are alternatives.  http://www.fujitsu.com/global/about/rd/200506palm-vein.html
>> ian
>
> Wot, more amputationware?

No.

It works using the same mechanism as pulse-ox meters, the different  
response to deep red or IR light of blood depending on its state of  
oxygenation.  So it's looking for the pattern to be pulsing at an  
appropriate rate.  As it's looking at the patterns of fine veins in  
the palm, it would require the attacker to have not just a severed  
hand, but the means to perfuse it with oxygenated blood which  
deoxygenates at an appropriate rate.  Maintaining that without
bursting or collapsing veins would be hard, and remember the main  
mechanism for the progressive deoxygenation of blood in the peripheral  
vascular system is the takeup of oxygen (you don't just transport  
oxygenated haemoglobin around the body for fun).  So although,  
obviously, everything is fakeable, it's a lot harder than a  
fingerprint or palmprint reader, because it's reading a process which
is tightly bound to being alive.  Certainly, the resources required to  
perform the attack you describe would be at the outer limits of the  
capability of a major surgical hospital.

At the moment the debate with people who get to sign off security  
assessments is over the uniqueness, or otherwise, of the underlying  
pattern.  There's a corpus of Fujitsu staff and others, of varying  
ethnicities, which shows good difference.  I'm going to push it to the  
people I need to convince, but in conjunction with a physical token  
(ie biometric to validate token, rather than biometric to identify  
individual alone).   The non-contact nature of the reader is nice.

ian