Fingerprint recognition using fprint

Fingerprint scanners are becoming more commonplace, especially on laptops, to add a layer of biometric authentication. Linux support for these devices has been somewhat varied, with each scanner model supported by its own driver and API, or not supported at all. In addition, a number of the drivers are closed source, something that should worry anyone installing security software. The fprint project aims to change that by providing a standardized API for as many different scanners as it can.

Born out of a Computer Science academic project for founder Daniel Drake, fprint was released this month under the LGPL. Unlike other scanner projects, fprint is not targeted at a specific device; it supports quite a few using a half-dozen or so different drivers. The drivers, as the name would imply, handle the low-level details of talking to the devices using libusb.

Fingerprint scanners all work differently; some process the image of the print internally, while others present the image to the driver. In order to have a standard API, regardless of the scanner used, the libfprint library handles those differences internally. If required, it uses image processing code from the US National Institute of Standards and Technology that is specifically designed for fingerprint matching.

In order to use fingerprints for authentication, there must be a training or enrollment mode where the scanned fingerprint is stored away for later use. Once that has been done, fingerprints can be verified for a particular user. fprint does not yet support identification mode, where an unknown finger is scanned and a database of stored prints is checked for a match. The current code requires a username or other identifier, and compares the print stored for that user with the one scanned.

Because fprint handles multiple devices, there could be occasions where there is a print stored for a particular user, but it was scanned with a different device. Some fprint drivers can handle multiple similar scanners, so fprint distinguishes between them using a device type assigned by the driver. It tags each stored print with the driver ID as well as the device type. To be comparable, the prints must have come from the same driver with the same device type.

Application writers do not want to have to interface to multiple different library APIs to support fingerprint authentication. The libfprint API provides a single interface for applications. All phases of dealing with the scanners are available through the API: device discovery, print enrollment, print discovery, and verification. In addition, pam_fprint integrates with Pluggable Authentication Modules (PAM) to handle logging in via fingerprint instead of password.

There are other projects out there solving similar problems, but none seems to have taken the big picture view that fprint has. The Debian FingerForce team has gathered a list of Linux fingerprint scanning solutions, most of which are specific to a particular scanner or family of scanners. BioAPI also tries to abstract away the specifics of biometric authentication, but it is not a free standard.

By trying to support as many scanners as they can, while providing a generic interface, fprint seems to have the right approach to fingerprint authentication. There is still plenty to be worked on (fingerprint data is currently stored unencrypted, for example), but the approach seems sound. For anyone with a scanner on their laptop, or a USB version that they carry around, applications supporting fprint will be very welcome. Anyone creating software who is interested in supporting fingerprint authentication will definitely want to give fprint a look.
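The compatibility rule described in the article (stored prints are tagged with a driver ID and a device type, and verification starts from a username) is shown here in C as an added example that is not fprint's own code. The struct, the result codes, the `select_print` function and the sample store are all hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a stored print's tags; not libfprint's own types. */
struct stored_print {
    const char *user;      /* identifier supplied at verification time */
    uint16_t    driver_id; /* driver that captured the print */
    uint32_t    devtype;   /* device type assigned by that driver */
};

enum select_result { SEL_OK, SEL_NOT_ENROLLED, SEL_WRONG_DEVICE };

/* Constructed sample store: alice has enrolled on two different scanners. */
static const struct stored_print store[] = {
    { "alice", 2, 0 },
    { "alice", 4, 1 },
    { "bob",   2, 1 },
};

/* Pick the print to verify against for `user` on the attached scanner.
 * "Never enrolled" and "enrolled on another device" are reported separately
 * so the caller can ask for re-enrollment instead of reporting a failed match. */
enum select_result select_print(const char *user, uint16_t driver_id,
                                uint32_t devtype, const struct stored_print **out)
{
    int enrolled = 0;
    *out = NULL;
    for (size_t i = 0; i < sizeof store / sizeof store[0]; i++) {
        if (strcmp(store[i].user, user) != 0)
            continue;
        enrolled = 1;
        /* Both tags must match: same driver, different devtype is not comparable. */
        if (store[i].driver_id == driver_id && store[i].devtype == devtype) {
            *out = &store[i];
            return SEL_OK;
        }
    }
    return enrolled ? SEL_WRONG_DEVICE : SEL_NOT_ENROLLED;
}

int main(void)
{
    const struct stored_print *p;
    printf("alice on driver 4, devtype 1: %d\n", select_print("alice", 4, 1, &p));
    printf("carol on driver 2, devtype 0: %d\n", select_print("carol", 2, 0, &p));
    return 0;
}
```

Only a print returned with `SEL_OK` should ever be handed to the matcher; the other two results end the attempt without a comparison.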
'closed source' Posted Nov 21, 2007 12:00 UTC (Wed) by epa (subscriber, #39769)
When you say 'closed source' do you mean that you can look at the source code, but it's not open to share and change it - or do you mean that the source code is not public at all - or the union of those two conditions (in other words anything that is not open source)? I think it would be better to avoid this term and if you want to say 'not open source', say that. If you mean proprietary software, say that. If you mean software that has source code available but is not open source... well, there's no good term for that and you have to be explicit.
suggestion Posted Nov 21, 2007 13:28 UTC (Wed) by hummassa (subscriber, #307)
F/OSS = Free and/or Open Source software
shared source = source is available but software is proprietary (non-Free)
closed source = obvious
suggestion Posted Nov 21, 2007 14:21 UTC (Wed) by epa (subscriber, #39769)
I think 'shared source' is an even more confusing term than 'closed source', perhaps deliberately confusing, coined by Microsoft in an attempt to sound close enough to open source and muddy the waters.
suggestion Posted Nov 21, 2007 16:10 UTC (Wed) by JoeBuck (subscriber, #2330)
While Microsoft's term is confusing, they certainly didn't invent the "source is available to licensees" concept, which is practically as old as computing.
suggestion Posted Nov 22, 2007 8:51 UTC (Thu) by Cato (subscriber, #7643)
I usually use 'source available', which has some usage in the industry where source is
provided to customers but cannot be redistributed, instead of 'shared source' which is a
marketing term invented by Microsoft. F/OSS ('open source') and closed source are quite clear
as the other key terms.
"open box" (Peter Neumann) Posted Nov 21, 2007 17:18 UTC (Wed) by dwheeler (subscriber, #1216) [Link] Peter Neumann has recommended the term "open box" to mean "it's possible to look at the source code". All publicly-released open source software is "open box", but so are many proprietary programs.A complicating factor is that some proprietary programs' software is available for viewing, but only under certain very restrictive licenses or only to certain parties. Microsoft allows various governments to view Windows software; not only is it proprietary, but NOT everyone is allowed to view it. Is that "open box"? It is to those allowed to look at it... but you're certainly not going to get the widespread review that software viewable to EVERYONE will get, and so using the term "open box" in such cases is misleading. Which may be why the term hasn't been very common. "Shared source" is just a Microsoft marketing label. It means that Microsoft has SOME mechanism to give you source code, under SOME license. Some of those licenses are OSS, some are proprietary. It would be misleading to think that "open box" for proprietary software and "open source software" are likely to have the same results. Non-open-source-software has an economic problem with encouraging review: If you can't freely modify or copy it, others have a lot less incentive to DO this review. (I.E., "Why should I be your unpaid advisor?") So even if the source code is viewable to all, you're less likely to get the deep review if it's not OSS. OSS isn't always well-reviewed either, but at least the POTENTIAL is there and the economics are better-aligned toward widespread review.
Fingerprint recognition using fprint Posted Nov 21, 2007 21:23 UTC (Wed) by socket (guest, #43)
Always good to see more open drivers. So, I'm curious: what are the false positives and false negatives for these scanners, or the pattern recognition software? I've heard rumors that fingerprints aren't really as unique as once thought, and that two human experts can reasonably disagree on matches, but this is purely anecdotal to me. Anybody got resources on this?
Fingerprint recognition using fprint Posted Nov 22, 2007 18:39 UTC (Thu) by dsd (guest, #49212)
I don't have any solid references here, but I'll describe some of my experiences using the software with my current range of fingers and thumbs using a few different fingerprint readers:

For the sensors which produce big images (UareU 4000 and AES2501), I have not yet seen a false acceptance. You can get false rejections if you put effort into it -- rotating the finger quite significantly or whatever, but really once you have scanned a few fingers and picked up the technique it is unlikely that you will see false rejections on a frequent basis.

For the sensors that produce small images (AES4000, AES1610 and UPEKTC), the false rejection rate is quite high. We need to tune the matching algorithms to perform better when comparing fingerprints with fewer feature points. I have not tested AES1610 or UPEKTC myself, but I did see my *first* false acceptance yesterday with AES4000. I probably have lowered the matching threshold a little too far.

In all cases, the drivers will be improved to provide better images, and we should be able to improve upon the fingerprint processing/matching code too.

For UPEKTS, the processing is done in hardware, and I have yet to see a false acceptance. False rejections are not common unless you did not scan your finger well during the enrollment process. This is useful because everything is done in hardware so we cannot tweak it :)
Fingerprint recognition using fprint Posted Nov 22, 2007 18:32 UTC (Thu) by dsd (guest, #49212)
A minor addition: I have just published a new libfprint release which includes identification support (the article says it is not supported, which of course was true at the time!). Thanks for helping spread the word about my project :)
Fingerprint recognition using fprint Posted Mar 22, 2008 6:53 UTC (Sat) by vchristo (guest, #51214)
Can someone help me? I would like to develop software based on libfprint, and I need some example able to log an event every time someone puts a finger on the fingerprint reader. Thanks
What if a fingerprint is compromised Posted Nov 23, 2007 21:34 UTC (Fri) by hingo (subscriber, #14792)
This seems to be a good place to ask this question that has always haunted me: How are fingerprints supposed to be secure? I mean say
So, what is the real answer here? I'm sure after 20 years of fingerprint scanning technology, somebody would have thought of this if it was a real problem.
What if a fingerprint is compromised Posted Nov 24, 2007 7:16 UTC (Sat) by tetromino (subscriber, #33846)
This is why biometrics should only be used for local authentication, where there is no way to spoof the input without disassembling the sensor or cutting off fingers. Using biometric data for remote login is, as you've pointed out, a bad idea.
What if a fingerprint is compromised Posted Nov 26, 2007 0:42 UTC (Mon) by aigarius (subscriber, #7329)
Even locally it is not a very good idea. Mythbusters have shown that you can fool even the top security fingerprint scanners by simply scanning the finger, printing it out and sticking the image to a real finger (for temperature/pulse sensors). It was shockingly trivial.
What if a fingerprint is compromised Posted Nov 24, 2007 12:06 UTC (Sat) by i3839 (subscriber, #31386)
It depends on the fingerprint reader. They don't all make a simple image of your finger to check the fingerprint. It seems Wikipedia has a nice article about it, so I'll just shut up: http://en.wikipedia.org/wiki/Fingerprint_authentication
But yeah, you'd want to use it only for local authentication.
What if a fingerprint is compromised Posted Nov 25, 2007 7:59 UTC (Sun) by tzafrir (subscriber, #11501)
It's not an image. But still an authentication token. And it can't really be replaced in case it leaks. And unless you always wear gloves, this information can easily leak.
What if a fingerprint is compromised Posted Nov 26, 2007 13:09 UTC (Mon) by dsd (guest, #49212)
During the early days of biometrics, people hoped that fingerprints would form a super secure authentication system. Today we have discovered that this is not the case due to reasons mentioned by others. However, fingerprint scanning is still interesting. Rather than rambling on here I'm going to point you to something that I wrote for the fprint website: http://www.reactivated.net/fprint/wiki/Security_notes
Fingerprint recognition using fprint Posted Nov 25, 2007 12:54 UTC (Sun) by man_ls (subscriber, #15091)
Silly questions on a bored Sunday: can the NIST code be distributed freely, and is it Free software? My cursory examination of the main page for NBIS did not show an easy answer.
Fingerprint recognition using fprint Posted Nov 26, 2007 13:06 UTC (Mon) by dsd (guest, #49212)
yes: From http://www.itl.nist.gov/iad/894.03/nigos/NIGOS_licdis_061...
"This software was developed at the National Institute of Standards and Technology (NIST) by employees of the Federal Government in the course of their official duties. Pursuant to title 17 Section 105 of the United States Code. This software is not subject to copyright protection and is in the public domain."
As for the export control (non-)issues, see my writeup at: http://www.reactivated.net/fprint/wiki/US_export_control
Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.