___________________________________________________________________________

                        -=Cyber Wrath Systems=-

                   -[ BIOMETRIC SECURITY SYSTEMS ]-
                         by Ashtar 1999-2000
___________________________________________________________________________

[This text is written from notes I took over 2 years ago when I was
studying a little about biometrics from various resources. It's just a
brief intro, but I think it's fairly useful.]

BIOMETRIC SECURITY INTRODUCTION
----------------------------------

Biometric security systems are basically systems that identify an
individual by using a physical, natural feature, such as a fingerprint, or
by the person's voice. These systems are meant to replace passwords in many
cases, which can be stolen, forgotten, guessed or cracked. Although they
are somewhat tougher to bypass, they aren't an end-all security solution,
and I'll explain in this text how a number of biometric systems work, what
problems are presented when using such systems, and potential ways they can
be "hacked".

The types of biometric security systems that will be discussed in this text
will be:

    Finger Print Systems
    Voice Systems
    Handwriting Systems
    Hand Geometry Systems
    Eye/Retina Scanner Systems

WHERE YOU MIGHT SEE BIOMETRICS
---------------------------------

Generally you won't see biometrics in too many places, not yet anyway...
mostly big, important organizations might have them to control access to
particular parts of buildings. Most of these will be on the organization's
local network and not so much implemented for remote access. I've seen
biometrics in the building of a major ISP. You can get biometrics for the
home; I've seen a fingerprint scanner out there in the store. Also, now
Micro$oft is supposedly going to start implementing biometrics for Windows
in the future.

FINGER PRINT BIOMETRICS
--------------------------

These basically consist of a device that you lay your finger on, and it
reads your fingerprint to match against a template. The computer takes
sections of the person's fingerprint: certain arches, loops and whorls. The
whole fingerprint is not taken for a template; the computer will take small
sections of the fingerprint in various areas. This leads to the obvious
conclusion that someone with a close enough match, at least on those
certain sections of fingerprint, would be able to gain access. Also, some
problems with the initial enrollment could be if the person placed their
finger off center or smeared their fingerprint. You'd probably want to wash
your hands well before providing a template to help avoid smearing.

VOICE RECOGNITION
--------------------

The voice biometric security system I'm describing in this text is one that
is being developed at AT&T. To enroll into the system, a user is instructed
to repeat a certain phrase several times. The computer would digitize and
store each sample and then, from the acquired data, build a voice signature
that would be open enough to allow some voice variations from the produced
signature. This obviously could leave a bit of a hole open. Some problems
that could arise with a voice-based security system are changes of the
voice with age and sickness; stress would also play a factor in voice
changes that could end up locking a person out of whatever they needed to
gain access to. Well, at least you'll get to go home if you're sick, right?

HANDWRITING BIOMETRICS
-------------------------

Handwriting biometrics are obviously a way to identify someone by their
handwriting style. To enroll, the user would give 6 samples of the
signature or word they would have to write. The computer takes the samples
and creates a verification template using 2 out of the 6 samples. If the
dynamics of the signature match the template closely enough, the user will
be granted access.
However, some of these systems have pressure sensors and acceleration
sensors, which would prevent someone from taking their sweet time to forge
the perfect signature... it would have to be casual and fast enough to fool
the computer, but with practice, it's possible; thus the old skill of
forgery finds its place in the age of computers.

HAND GEOMETRY SYSTEMS
------------------------

These biometric systems scan the measurements of a user's hand by recording
light from the fingertips to the webbing of the hand. The system measures
each finger within 1/10,000 of an inch, marking where the beginning and end
of the finger is by the varying intensities of light. The information
obtained is stored digitally in a system as a template, or possibly even
coded on a magnetic-striped ID card. A possible problem would be a user who
enrolled with long fingernails. If the user were to cut them or grow them
more, he/she would probably not be able to gain access. The sensors also
would not detect someone's true fingertips. A Band-Aid over the finger,
thick nail polish and other factors could come into play if the user
enrolls that way to begin with. I'm sure if someone had a swollen hand or
just gained/lost weight, this would probably have effects on whether or not
access is granted as well.

EYE/RETINA SCANNERS
------------------------

Each person has a pattern of blood vessels etc. in the back of their
eyeballs. Retina biometric scanners will enroll the user by recording this
pattern of blood vessels using an infrared beam, which scans in a circular
path around the eyeball. Enrollment takes about 30 seconds, and after a
user is added to the system, authentication takes about 1 1/2 seconds.
There is a one in a million chance that 2 people will have a close enough
match. Retina biometrics are probably one of the more reliable forms of
biometric security.
However, if someone is blind (fully or partially), or has cataracts for
example, they may have trouble enrolling into the system.

SOME THOUGHTS ON BIOMETRICS
-------------------------------

While it may be a bit of a challenge to get past a biometric system, it's
not impossible. Of course... you could take 'hacking' to a whole new level
and 'hack' some user's hand off for access... but that's a bit extreme
(well, maybe). Cloning someone's body part maybe? Making a wax mold of
somebody's hand? Hell, I don't know.

Implementing biometrics on a wide scale will almost certainly strike up a
lot of privacy concerns and activism. Therefore I really don't see it
getting overly popular, but you never know what the future holds. Either
way, if you're working in some place that has biometrics implemented, know
that a lot of biometric systems do log access times and whatnot, and with
biometrics there won't be any "Umm...must have been someone using my
eyeball! That wasn't me in there browsing through the classified
documents!" So be careful if you're doing something shady. There's probably
a way to turn off logging, but this would depend on which particular
biometric system the place is using.

If you find yourself in a biometric-secured environment and want to find
out more about that particular system, I can't stress how much information
company websites will give about a product. Fire up that browser and find
out all you can about it. General information is great, but with something
like biometrics, you'll probably want to get information on your specific
product.

___________________________________________________________________________

Greets: Moshing, Talk, Guato, Mister_Geen

(C) Ashtar
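
The enroll-then-match-within-a-tolerance idea that the voice, handwriting
and hand geometry sections describe, as an added example that is not part of
the original text and not any product's real algorithm. The finger
measurements are constructed, and the mean template, the per-finger
deviation check and the two tolerance values are assumptions chosen to show
how a tight tolerance locks out the user who trimmed their nails while a
loose one lets a similar hand through.

```python
from statistics import mean

# Constructed finger lengths in inches (thumb to little finger); not real data.
ENROLL_SAMPLES = [
    [2.70, 3.10, 3.40, 3.20, 2.60],
    [2.72, 3.08, 3.42, 3.18, 2.62],
    [2.68, 3.12, 3.38, 3.22, 2.58],
]
GENUINE = {  # later probes from the enrolled user
    "same day": [2.71, 3.09, 3.41, 3.19, 2.61],
    "nails trimmed": [2.60, 3.00, 3.31, 3.10, 2.51],
}
IMPOSTORS = {  # probes from other people
    "similar hand": [2.76, 3.05, 3.46, 3.14, 2.65],
    "different hand": [2.40, 2.85, 3.10, 2.95, 2.30],
}

def enroll(samples):
    """Build a template as the per-finger mean of the enrollment samples."""
    return [mean(column) for column in zip(*samples)]

def deviation(template, probe):
    """Largest per-finger difference between a probe and the template."""
    return max(abs(t - p) for t, p in zip(template, probe))

def verify(template, probe, tolerance):
    """Grant access only if every finger is within the tolerance."""
    return deviation(template, probe) <= tolerance

def error_rates(template, genuine, impostors, tolerance):
    """Return (false reject rate, false accept rate) at this tolerance."""
    rejected = sum(not verify(template, p, tolerance) for p in genuine.values())
    accepted = sum(verify(template, p, tolerance) for p in impostors.values())
    return rejected / len(genuine), accepted / len(impostors)

TEMPLATE = enroll(ENROLL_SAMPLES)

if __name__ == "__main__":
    for tol in (0.03, 0.12):  # assumed tolerances, in inches
        frr, far = error_rates(TEMPLATE, GENUINE, IMPOSTORS, tol)
        print(f"tolerance {tol:.2f} in: FRR={frr:.0%} FAR={far:.0%}")
```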