Fingerprint Recognition with Linux & IBM's T42 156
Michael R. Crusoe writes "UPEK, provider of popular fingerprint sensors to IBM's T42 notebooks and others, has announced that they will be providing a BioAPI compliant library to perform biometric authentication under GNU/Linux. Will Linux be the first operating system to have integrated biometric user authentication 'out of the box'?"
Re:Ahem, PAM (Score:3, Informative)
To answer the question: No. (Score:4, Informative)
Re:Ahem, PAM (Score:5, Informative)
Here's a guy that won't be using it! (Score:3, Informative)
OK, so the Merc was worth USD 75,000 to the thieves, a little more than a laptop. But if a dead finger works, a plastic replica would work as well. Before using a system like this, it may be worth considering the value that the data on a laptop might have to unscrupulous rivals ...
Is it worth this kind of horror to protect the laptop itself? There are easier and better ways to protect *data*.
Re:Ahem, PAM (Score:5, Informative)
No. For example, the OpenSSH server needs explicit support for GSSAPI to support Kerberos Single Sign On. That could not be done within PAM.
Re:So big brother will run on Linux... (Score:1, Informative)
http://www.kronos.com/uk/profiles/mfi_uk.htm [kronos.com]
Re:By the way, biometrics & DRM ? (Score:2, Informative)
References here [ncl.ac.uk] and here [schneier.com].
Re:To answer the question: No. (Score:2, Informative)
Re:Ipaqs (Score:3, Informative)
Basically, the ability to detect a fake fingerprint with a casual test has never existed. The sensors just aren't good enough, even if the software authors were willing to invest the resources to store really thorough images of fingerprints, which they're not.
Re:That wouldn't be a first (Score:2, Informative)
To the end user, all they have to do is install their linux distribution and it just works.
I've been using Linux for a while now (Red Hat 6.2 was my first). When I first started, you kinda had to plan your hardware for linux or hope it would work. Today, I don't think twice about linux support. Most times I can plug in my new usb device right out of the box (via hotplug) with no driver disks, update searches, searching HP's website, etc etc.
Obviously there are exceptions, but it's been a looooooooong time that I've bought hardware that doesn't work with Linux.
Re:That wouldn't be a first (Score:3, Informative)
Re:Use of finger-prints !=security (Score:4, Informative)
Unfortunately, fingerprint authentication does NOT satisfy government requirements (not to mention the inherent insecurity should you ever be prosecuted).
CFR 21 part 11 (Code of Federal Regulations governing electronic signatures) mandates that you have to have at least 2 out of 3 things to be said to have securely authenticated:
If any system is compromised, and 2 out of the 3 above are used, then there is a conspiracy (like you gave your keycard and password to someone else).
The issue about security when prosecuted, is that your physical body (fingerprints as well) are subject to "search and seizure" if you are ever arrested (even if 100% innocent). There was a case that went to the Supreme Court (which I can't recall the name of) where a man argued that his fingerprints were "property", and until he waived his rights to his property, he could not be fingerprinted. I'm not sure how that turned out though.
Basically if you're arrested and they fingerprint you, they could just as easily scan in your fingerprints electronically and "replay" those back later to gain access to your biometric laptop or other devices.
Best to use 2 out of the 3 (or 3 out of the 3) above, so they can't gain access to your protected data without your approval or consent.
Re:Ipaqs (Score:3, Informative)
The FingerChip(tm) has been doing exactly this since about 1998 or earlier (that's 7+ years). The FingerChip is about 1mm x 8mm in size (about 1/2" long, about the width of a wooden matchstick). I think the company sold its technology to someone else now over the years, but lots of companies are using it... including IBM.
I was investigating their scanners back in 1998 when I was doing biometric authentication on wireless tablets running Citrix Metaframe for $BIG_PHARMA. This was back in 1998!! Technology has, of course, improved considerably since then.
Basically you swipe your finger across the FingerChip and at least 52 separate datapoints are gathered, which include speed of the swipe, pressure, heat, and of course the standard whoops and swirls of your fingerprint itself. We tried using lifting techniques and other things on it (as did the manufacturer), and it was simply not possible.
It is similar to trying to forge a signature. Sure you can forge it so the end result looks identical, but did you press your pen with the same pressure? Did you dot your "I" before you finished the word, or after? Did you cross your "T" from left to right, or right to left?
Any biometric scanner that doesn't measure these kinds of things shouldn't be used.
Incidentally, we tried lots of different kinds of scanners, including voice. The voice biometric scanners had about a 90% failure rate in our tests. I could log in as my colleague, just by repeating his exact intonation and speed... I could not, of course, imitate his fingerprint.
Re:Ahem, PAM (Score:2, Informative)
AFAIK not - fingerprint is just "convert black&white image to curves, find markers (like end of "line", join of 2 lines etc.) and save relative position of these markers. In fact fingerprint "image" is usually a few 10s of bytes!
Yes this true. It depends on the system used but the one i know works like this. Once aquired as a real image, a complex algorithm is invoked to convert the image into a set of coordinates, that represent different interesting points in the fingerprint.
A match is a % of same coordinates between the stored and the scanned print. Interesting to note is that this % is fixed by law and depends on which country you are !
Re:Anyone on breaking the biometric authentication (Score:1, Informative)
Optical scanners work using an image of the print itself. The finger is pressed against glass, so that at a particular angle the print is very clear.
Capacitive scanners work using a grid of electrodes: the higher parts (ridges) disrupt the conductivity of some electrodes, and the lower parts (valleys) don't. This pattern of disrupted capacitance is the print.
The best capactitive scanner will be able to tell from sweat in the pores if the finger is live, or if it has been chopped off. Likewise, glue or images will not work.
An optical scanner is much easier to fool.
If you are simply looking to mess up your fingerprint to avoid identification the 3M liquid bandage stuff is the best.