
Biometric Fingerprinting - Pag Talk


Charles Flynn


No, you're very clearly confused about encryption and compression, which is why you've made those incorrect statements above. Not sure what that has to do with what newspaper we all read?

 

I've never said I trust the government. My stance all along has been that I don't need to trust the government because a thumbprint scanner doesn't actually store any sensitive personal data, see? I don't know how I can put this any plainer that will be understood.

 

I am not confused about encryption and compression, and you can bleat about hashing as much as you want, but the fact is still there. If something can be encrypted, it can be restored to a facsimile of its previous form.

 

 

Chip and pin has virtually eliminated point of sale fraud. What's increased is 'customer not present' fraud, basically because that doesn't require chip n pin, so that's where the fraudsters have moved to. There's also some evidence of pin scraping going on moving to cash machines.

 

I'm not a big fan of chip n pin, and the industry has admitted it went for the cheap solution when active two factor systems would have been a big improvement, but to claim fraud's up since its introduction is just plain wrong.

To Dodger:.......

You keep saying the same wrong stuff. How can a stolen hash of a thumbprint be misused? Explain it in detail, with information to back up your claim.

 

Your point about point of sale is irrelevant. We were promised that chip and pin would pretty much eradicate card, which at the time was mainly point of sale. As you said most card fraud now is customer not present, and had tripled. As I said to the criminal, chip and pin was just another opportunity.

 

Stolen hashes of finger/thumb prints will be used to set up fake ids in order to frame people, not necessarily vindictively, but to throw the scent off the true criminal.

I do think we need stronger authenticating personal id than a (biometric!) signature and a four digit pin however, and I'm sick of the number of two factor tokens I have already (I've got four, from various different organisations), so I can certainly see the case for a national system if it can prove to be secure. I'm not sure it'll ever be possible though.

 

One final point; kids are giving far far more potentially and future damaging personal information, including biometrics to Myspace, MSN, Google, Facebook and Bebo than to any school library system. Nobody is batting an eyelid at that.

 

The first bit is about the most sensible thing you have said in this thread. However, your point about kids and myspace etc. is also true for adults. Most adults are stupid when it comes to sensitive data. For example, a few weeks ago I was registering a warranty online. Now this should be a simple, straightforward thing. However, apart from name and address, it wanted date of birth and mother's maiden name for security purposes, plus they were mandatory. It also asked if I wanted to extend my warranty. If so I had to give my bank details. Obviously, I lied about the date of birth and mother's maiden name, also I think anyone who takes out extended warranties should have their head examined. However, had I done so, their database would pretty much have all the information needed to gain access to my bank accounts. I wonder how secure that data is and how many people have access? I also wonder how many people have simply complied with the requests!

 

However, you are wrong about fingerprints. Your mother's maiden name is unlikely to link you to the scene of a crime.

Link to comment
Share on other sites

I am not confused about encryption and compression, and you can bleat about hashing as much as you want, but the fact is still there. If something can be encrypted, it can be restored to a facsimile of its previous form.

 

You clearly are, because you're wrong. And you're wrong because one way hashes are in wide use, they exist, they're true, and you can say 'lalalala I'm not listening' as much as you like with your fingers in your ears, it doesn't stop them existing. They are very clearly and publicly defined:

 

ftp://ftp.isi.edu/in-notes/rfc3874.txt

 

If one way hashes were decryptable in the way you suggest, pretty much all online security would fail. VPNs wouldn't be secure. Packages distributed by Microsoft and Red Hat would be tamperable. Passwords wouldn't be secure in databases. Security applications like Tripwire wouldn't work. If this was trivial to crack, don't you think it would have been done by now, given pretty much everything sensitive online is protected in this way?

 

"Developed in 1994, MD5 is a one-way hash algorithm that takes any length of data and produces a 128 bit "fingerprint" or "message digest". This fingerprint is "non-reversible", it is computationally infeasible to determine the file based on the fingerprint. This means someone cannot figure out your data based on its MD5 fingerprint. "

 

To take an example of the challenge of brute force reversing a 160-bit hash, you would need to try about 2 ^ 160 = 1.5E48 various strings.

 

Like I said though, even if you could decrypt it, you still wouldn't have the data. The hash doesn't contain the data, it's a fingerprint of the data.

 

Some links:

http://www.cs.bham.ac.uk/~mdr/teaching/mod...tures/hash.html

http://www.spitzner.net/md5.html

 

 

You are confused I'm afraid, you referred back to an earlier conversation we had about lossless and lossy compression, which has nothing at all to do with this.

 

Your point about point of sale is irrelevant. We were promised that chip and pin would pretty much eradicate card, which at the time was mainly point of sale. As you said most card fraud now is customer not present, and had tripled. As I said to the criminal, chip and pin was just another opportunity.

 

It's not irrelevant, card fraud hasn't risen over all, it's been greatly reduced by chip and pin. Not present fraud has increased, but not over the amount of fraud that was reduced by the introduction of chip and pin. That's not the same as what you said clearly.

 

Stolen hashes of finger/thumb prints will be used to set up fake ids in order to frame people, not necessarily vindictively, but to throw the scent off the true criminal.

 

That simply isn't possible.

 

However, you are wrong about fingerprints. Your mother's maiden name is unlikely to link you to the scene of a crime.

 

Sigh. Fingerprint scanners do not store fingerprints. Is that clear?

Link to comment
Share on other sites

Sigh. Fingerprint scanners do not store fingerprints. Is that clear?

Here's my understanding of hashing, followed by a question as regards its potential weakness.

 

How it works (have I got this right?)

 

They have designed algorithms (mathematical formulae) that when calculated with your unique thumbprint input (i.e. MyThumbData1) produces a unique hash number for (MyThumbData1) called (MyThumbData1Hash). This means that whenever (MyThumbData1) is input using the algorithm (e.g. your thumbprint scanned by scanners containing the same algorithm in different shops) the algorithm will always produce output (MyThumbData1Hash).

 

What we have to get our heads around is the fact that the algorithm is not 'merged' with the original data but just used to calculate a hash from it, so by having just the hash and the algorithm you cannot 'decrypt' the original data stream (MyThumbData1). The bit that is hard to work out is that the unique encryption algorithm is actually your unique thumbprint MyThumbData1 which only you and the government hold. To confirm the message (MyThumbData1) is correct, at the receiving end (Government HQ) they can then compare your stored hash with the hash produced when they run the stored (MyThumbData1) - or just look up (MyThumbData1Hash) either could be stored when they scanned you the first time when you proved who you were at the cop shop. In other words hashing is used to ensure the message sent matches the message stored (e.g. thumbprints).

 

The more 'complicated' the algorithm the less probability that two different inputs (Data1 and Data2) will produce the same hash i.e. both produce Data1Hash.

 

They have tested the first versions of the algorithms to show that the probability of 'collisions' (i.e. 2 different inputs producing the same hash number) is around 1 in 2^80 (sod all, so effectively 2 different people won't show up as the same person on the system). They are currently developing other algorithms with much lower probabilities of producing the same hash.

 

Question

 

What's stopping a corrupt government employee adding a series of people (including previously worked out dodgy thumbprints/hash numbers) to the database? Also, what's to stop a corrupt or inept government employee swapping dodgy hash numbers over in the database? In other words isn't the integrity of the whole system down to those who administer it and the frequency at which the algorithm is swapped (which infers they would also have to store your original MyThumbData1 raw data - otherwise you'd have to go for regular rescans at the cop shop)?

 

Edited to ask: What happens if a load of raw (MyThumbData1) info is accidentally released by the government, someone getting hold of this data and having access to the workings of a scanner - then reproducing a series of dodgy thumbprints based on the fact that the scanner picks various unique parts of a thumbprint to produce (MyThumbData1) so therefore it must be possible to reproduce a representation of a thumbprint from this raw data? Again, if they don't hold the original MyThumbData1 data, every time they change the algorithm we have to get rescanned at the cop shop - as all they will hold is a now useless hash number.

Link to comment
Share on other sites

You clearly are, because you're wrong. And you're wrong because one way hashes are in wide use, they exist, they're true, and you can say 'lalalala I'm not listening' as much as you like with your fingers in your ears, it doesn't stop them existing. They are very clearly and publicly defined:

 

ftp://ftp.isi.edu/in-notes/rfc3874.txt

 

If one way hashes were decryptable in the way you suggest, pretty much all online security would fail. VPNs wouldn't be secure. Packages distributed by Microsoft and Red Hat would be tamperable. Passwords wouldn't be secure in databases. Security applications like Tripwire wouldn't work. If this was trivial to crack, don't you think it would have been done by now, given pretty much everything sensitive online is protected in this way?

 

One way hashes and certificates in the context of VPN and IP change almost every time you use them. The benefit of deciphering them would not be cost effective to a criminal. With finger printing, the calculation has to be exact and consistent to be of any use. Plus it will be widely available and used. Therefore it would be of great use to a fraudster.

 

You sound like a typical 21st century analyst/programmer - all logical thinking and no lateral thinking.

 

It's not irrelevant, card fraud hasn't risen over all, it's been greatly reduced by chip and pin. Not present fraud has increased, but not over the amount of fraud that was reduced by the introduction of chip and pin. That's not the same as what you said clearly.

 

Card fraud has trebled since the introduction of chip and pin, or are the lending bodies wrong about that too?

 

Sigh. Fingerprint scanners do not store fingerprints. Is that clear?

 

If it is not stored, how can it be verified?

Link to comment
Share on other sites

How it works (have I got this right?)

They have designed algorithms (mathematical formulae) that when calculated with your unique thumbprint input (i.e. MyThumbData1) produces a unique hash number for (MyThumbData1) called (MyThumbData1Hash). This means that whenever (MyThumbData1) is input using the algorithm (e.g. your thumbprint scanned by scanners containing the same algorithm in different shops) the algorithm will always produce output (MyThumbData1Hash).

 

Close, but not quite. Firstly the hashing algorithms most likely won't be designed by the biometric scanner supplier, it'll most likely be based on something like SHA1 or MD5, they're already out there, and particularly in the case of SHA, as safe as houses.

 

Second, there's another stage, but this differs from vendor to vendor. The scanners all interpret thumbprints in different ways, using their various recognition systems, the commercial ones are proprietary and incompatible, but most of them are based at a basic level around the relative positions of ridges on the fingerprint. Straight image capture and comparison wouldn't really work, as people wouldn't always put their thumb in the same position, or their fingers might be dirty or cracked or whatever.

 

So what the database is finally recording is a one way hash of a proprietary recognition template of a thumbprint.

 

What we have to get our heads around is the fact that the algorithm is not 'merged' with the original data but just used to calculate a hash from it, so by having just the hash and the algorithm you cannot 'decrypt' the original data stream (MyThumbData1). The bit that is hard to work out is that the unique encryption algorithm is actually your unique thumbprint MyThumbData1 which only you and the government hold. To confirm the message (MyThumbData1) is correct, at the receiving end (Government HQ) they can then compare your stored hash with the hash produced when they run the stored (MyThumbData1) - or just look up (MyThumbData1Hash) either could be stored when they scanned you the first time when you proved who you were at the cop shop. In other words hashing is used to ensure the message sent matches the message stored (e.g. thumbprints).

 

Yes, that's right.

 

The more 'complicated' the algorithm the less probability that two different inputs (Data1 and Data2) will produce the same hash i.e. both produce Data1Hash.

 

Hmm, not really 'complicated', but you can produce a hash that's harder to brute force by simply making longer digests, which increases the number of pairs you'd have to try to brute force it. Realistically though, even sha1 we're talking such massive numbers, that the longer digests aren't currently necessary.

 

They have tested the first versions of the algorithms to show that the probability of 'collisions' (i.e. 2 different inputs producing the same hash number) is around 1 in 2^80 (sod all, so effectively 2 different people won't show up as the same person on the system). They are currently developing other algorithms with much lower probabilities of producing the same hash.

 

It does depend on what algorithm is used of course. SHA-1 is considered to be safer than md5 for example, and then there's the use of salting to further increase the hash's uniqueness and prevent decryption.

 

But then, in the case of school biometrics, you're not really that worried:

1) it's a low security app, so nobody will be arsed to crack it, given the effort involved

2) the thumbprint isn't in the hash anyway, just the proprietary pattern recognition template

3) even if you could get a thumbprint out, so what? If you really wanted the kid's thumbprint that badly, you could dust off a door handle, or a maccy d's thick shake cup..

 

Question

What's stopping a corrupt government employee adding a series of people (including previously worked out dodgy thumbprints/hash numbers) to the database? Also, what's to stop a corrupt or inept government employee swapping dodgy hash numbers over in the database? In other words isn't the integrity of the whole system down to those who administer it and the frequency at which the algorithm is swapped (which infers they would also have to store your original MyThumbData1 raw data - otherwise you'd have to go for regular rescans at the cop shop)?

 

We're back to ID cards now, when I was trying to demonstrate that the fears on the school biometrics were unfounded :)

 

 

But regarding tampering with hashes, yes, you could do that, but it's harder to do with biometrics obviously, because you need the physical attributes to match up to the hash. But yeah, anyone with database access could do what they liked. That's not the same as reproducing the data for the purpose of stealing it though, you can't do that with a hash.

 

I'm also not a huge security expert, just an interested amateur, if someone who is wants to pop in on this last point, I'm happy to be corrected :)

Link to comment
Share on other sites

One way hashes and certificates in the context of VPN and IP change almost every time you use them.

 

Wrong yet again Cambon. If you're talking about SSL/TLS and its use of certificates, those use one time SHA1 hashes as part of the verification. They never change. Go to any website that uses SSL, the thumbprint can be viewed, you'll see it never changes.

 

As for hashing for VPNs, I think you're getting confused (again) with the difference between hashes used to prevent tampering of packets and keys used to encrypt and decrypt the data. The hashes obviously change all the time, because the data that's being transported is changing. Besides, there's lots of different implementations of VPNs, including SSL, which uses certificates, so the above example fits.

 

 

The benefit of deciphering them would not be cost effective to a criminal.

 

Huh?

 

With finger printing, the calculation has to be exact and consistent to be of any use. Plus it will be widely available and used. Therefore it would be of great use to a fraudster.

 

Exactly the point of using a hash, you get the same resulting outcome on the same source data. That's the reason you use a hash. How's that useful to a fraudster? It's useless without the source data (in this case, the thumb!)

 

You sound like a typical 21st century analyst/programmer - all logical thinking and no lateral thinking.

 

You sound like a typical Daily Mail Reader, all objection and opinion and no depth of knowledge.

 

Card fraud has trebled since the introduction of chip and pin, or are the lending bodies wrong about that too?

 

No, you're wrong about it. Let's see your source eh? I'll show you mine, the card issuing authorities official figures:

 

http://www.apacs.org.uk/media_centre/press/06_07_11.html

 

2005 £252.6m (pre chip n pin)

2006 £219.5m (chip n pin partially introduced)

£209.3m (chip and pin complete)

 

This is taking into account the fact that chip n pin basically moved fraud from the high street to abroad/customer not present. If you just look at cardholder present, chip and pin has done really well:

 

Retailer (face-to-face)

2004 £112.8m

2005 £73.2m

2006 £42.1m

 

 

A drop in credit card fraud of - 43%

 

 

 

If it is not stored, how can it be verified?

 

Are you taking the piss? Using a hash!

Link to comment
Share on other sites

According to Wiki, the UK card fraud figure for 2006 alone was £428 million. With regard to APACS, they have always been pro chip and pin so the figures are bound to be engineered down and look good. You need to keep in mind that chip and pin is there to protect the bank, not the customer.

 

The hash from the reader needs to be validated against something, so what is it validated against?

 

By the way, I am not a Daily Mail reader, nor a Times reader. All the tabloids are full of misleading spin in one direction or the other. All I am interested in is the financials.

Link to comment
Share on other sites

According to Wiki, the UK card fraud figure for 2006 alone was £428 million. With regard to APACS, they have always been pro chip and pin so the figures are bound to be engineered down and look good. You need to keep in mind that chip and pin is there to protect the bank, not the customer.

 

Wikipedia? This page?. The reference that says:

 

"In 2006, fraud in the United Kingdom alone was estimated at £428 million,[citation needed]"

 

That comes from the apacs report here:

 

http://www.imrg.org/ItemDetail.aspx?clg=ne...;language=en-GB

 

So, you're saying apacs is wrong, then using their figures to say it's right?

 

The same report also goes on to say:

"Apacs said the widespread adoption of chip-and-pin technology has reduced overall card fraud"

 

Summary of the figures here:

http://www.apacs.org.uk/resources_publicat...nd_figures.html

 

The hash from the reader needs to be validated against something, so what is it validated against?

 

The hash stored in the database.

Link to comment
Share on other sites

The hash from the reader needs to be validated against something, so what is it validated against?

 

The hash stored in the database.

 

 

Thank you for finally admitting the data is stored.

 

As an aside on the Credit card front, did you know that the general advice is now to contact your bank, not the police? That is how far out of hand card fraud has gone - the police and associated government bodies are no longer interested! So basically it is now seen as a fact of life not a crime. :angry:

Link to comment
Share on other sites

Thank you for finally admitting the data is stored.

 

Can't you read? I said a hash. Having spent a lot of time explaining what a hash is, I'd thought you'd finally understand? The hash from the thumbprint is compared with the hash in the database. No thumbprint data is required in the database. That clear enough? Should I draw you a picture?

 

As an aside on the Credit card front, did you know that the general advice is now to contact your bank, not the police? That is how far out of hand card fraud has gone - the police and associated government bodies are no longer interested! So basically it is now seen as a fact of life not a crime. :angry:

 

There's a lot fucked up about credit card fraud. The most worrying new development is that with the introduction of chip and pin, the banks consider themselves secure, so if you get defrauded via chip and pin, the banks consider either the cardholder or the retailer responsible for lax security.

 

It's not ideal, chip and pin is really too weak. They really should have gone for the two factor authentication that online banking is heading towards, and stood the extra cost (to combat phishing). That would have protected against cardholder not present attacks too. Of course, this costs more, so they have to balance between the costs of the frauds and the cost of implementing the new systems.

Link to comment
Share on other sites

Thank you for finally admitting the data is stored.

 

Yes the hash is stored not the fingerprint.

 

So here's the MD5 hash for 'knobjockey'

 

21761f4a9fd7d9689aaaeca16229692b

 

this is what's stored to match it against:

 

21761f4a9fd7d9689aaaeca16229692b

 

now without knowing you are knobjockey you are going to have a hard time working out what 21761f4a9fd7d9689aaaeca16229692b means.

Link to comment
Share on other sites
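
Added example (an editor's illustration, not code from any post in this thread): the enrol-then-compare flow described in the posts above, where the database keeps only a salt and a digest and a fresh scan is hashed and compared against it. The function names, the byte-string template and the choice of salted SHA-256 are assumptions for illustration; the last check shows that a template differing by a single bit no longer matches the stored digest.

```python
import hashlib
import hmac
import os

# Constructed sample data: stand-ins for a scanner's recognition template
# (e.g. encoded ridge positions). Real templates are vendor-specific.
ENROLLED_TEMPLATE = bytes([12, 40, 7, 88, 31, 5, 64, 19, 77, 3, 50, 26])
OTHER_TEMPLATE = bytes([9, 61, 33, 2, 70, 18, 45, 90, 11, 27, 8, 54])


def digest(salt: bytes, template: bytes) -> bytes:
    """One-way digest of salt + template (SHA-256 chosen for illustration)."""
    return hashlib.sha256(salt + template).digest()


def enrol(template: bytes, salt: bytes = None) -> dict:
    """Build the database record: a random salt and the digest, no template."""
    salt = os.urandom(16) if salt is None else salt
    return {"salt": salt, "digest": digest(salt, template)}


def verify(record: dict, template: bytes) -> bool:
    """Re-hash the presented template with the stored salt and compare."""
    candidate = digest(record["salt"], template)
    return hmac.compare_digest(candidate, record["digest"])


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit inverted (models a noisy re-scan)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    record = enrol(ENROLLED_TEMPLATE)
    print("stored record:", record["salt"].hex(), record["digest"].hex())
    print("same template verifies:", verify(record, ENROLLED_TEMPLATE))
    print("other template verifies:", verify(record, OTHER_TEMPLATE))

    # A single flipped bit in the input changes the digest completely,
    # so exact-match comparison only works on identical templates.
    noisy = flip_bit(ENROLLED_TEMPLATE, 0)
    print("one-bit-different template verifies:", verify(record, noisy))
    print("digest bits changed:",
          differing_bits(record["digest"], digest(record["salt"], noisy)),
          "of 256")
```
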

The fact that the number is stored and that the same number will be recreated with each time it is used, as this is the point.......

 

If I have a thumbprint that I want to trace back to a person, I could scan it into the database and it would give me the details stored on that person. The issue is with the data storage being compromised in the future, whether by accident or not. No system is foolproof! I then have a database that as long as I use the same software will give me the same number, if at a later stage the person uses a thumbprint scanner it will link it in.

 

The issue with the school is that if you use a certain product then you become used to it and accept it, therefore later on in life it would be minor to have it included on a passport/id card etc.

 

Glad to see the use of links to verify information :D

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
