What is a fingerprint is compromised

What is a fingerprint is compromised

Posted Nov 23, 2007 21:34 UTC (Fri) by hingo (guest, #14792)
Parent article: Fingerprint recognition using fprint

This seems to be a good place to as this question that has always haunted me:

How are fingerprints supposed to be secure? I mean say

1. My fingerprint is stored on a database
2. I use fingerprint authentication to login remotely to a server
3. Somebody gets hold of a copy of the database of fingerprints
4. Or they just take a copy of my finger when I use it on some machine, it's not like I can use different fingerprints on each service I use (like you are supposed to do with passwords). So anywhere I'm using fingerprint for authentication, they could stash away a copy of it.
5. Bad guys can now set up their own remote machine, connect to the server, and when it asks for the fingerprint, they just send the image file of my finger. They don't need me, not my finger, not even a fake finger...
6. In conclusion, the only way to securely use fingerprints is when the connection from the scanner to the authentication database can be trusted to be completely non-interceptible and in addition I should trust the party asking for authentication.

I've always thought a better way to do this would be to have my own fingerprint stored on a smartcard and the fingerprint would be used instead of the PIN code to use the smartcard for normal public key encryption. The fingerprint itself would never go further than the smartcard, (for added security, the card would be its own scanner) and on the other hand if my key is compromised, it's easier to get a new card than a new finger.

So, what is the real answer here? I'm sure after 20 years of fingerprint scanning technology, somebody would have thought of this if it was a real problem.

---

(Log in to post comments)

This is why biometrics should only be used for local authentication, where there is no way to
spoof the input without disassembling the sensor or cutting of fingers. Using biometric data
for remote login is, as you've pointed out, a bad idea.

Even locally it is not a very good idea. Mythbusters have shown that you can fool even the top
security fingerprint scanners by simply scanning the finger, printing it out and sticking the
image to a real finger (for temperature/pulse sensors). It was shockingly trivial.

It depends on the fingerprint reader. They don't all make a simple image of your finger to
check the fingerprint. It seems Wikipedia has a nice article about it, so I'll just shup up: 
http://en.wikipedia.org/wiki/Fingerprint_authentication

But yeah, you'd want to use it only for local authentication.

It's not an image. But still an authentication token. And it can't really be replaced in case
it leaks.

And unless you always wear gloves, this information can easily leak.

During the early days of biometrics, people hoped that fingerprints would form a super secure
authentication system. Today we have discovered that this is not the case due to reasons
mentioned by others.

However, fingerprint scanning is still interesting. Rather than rambling on here I'm going to
point you to something that I wrote for the fprint website:
http://www.reactivated.net/fprint/wiki/Security_notes