Apple’s Touch ID fingerprint scanner seems to have fueled an important but ill-informed and ultimately nonsensical debate about biometrics and privacy. The latest example is this muddled editorial in the Sept. 22 New York Times.
The Times editorial, and a great deal of other discussion of the issue, errs in confusing two completely different uses of biometric data: authentication and identification.
The iPhone uses fingerprints for authentication. It scans your finger an checks if it matches previously recorded data (read this for a deep dive into how the process works and why it is secure.) You can record up to five prints. If you want one of them to be your cat’s paw, fine. You can give your cat access access to your iPhone. The phone does not care who the print actually belongs to, just that it matches.
This is what authentication is about. You attempt to access a system claiming to be Mr. X. The system confirms that this is the same person (or cat) who previously claimed to be Mr. X. It offers no warranty whatever that the person claiming to be Mr. X is Mr. X or, indeed, that Mr. X exists.
Authentication is relatively easy. It is still non-deterministic and, like any other statistical process, subject to both false positives (accepting a print it should reject) and false negatives (rejecting a print it should accept.) But a properly designed system with a good sensor, like Apple’s, can keep the rates of both types of error very small. And as long as the biometric data is stored locally and securely, as Apple maintains is the case with Touch ID, there is no real privacy issue. In fact, biometric authentication can increase privacy by reducing identify theft.
Identification is what happens when the police find a fingerprint at a crime scene. The FBI lab must compare this unknown print to millions of known prints in its database in search of a match. The likelihood of both false positives and false negatives is much higher than in the authentication case and the quality of any match–the probability that it is not a false positive–may be low. (Good defense lawyers know how to challenge expert witnesses on the quality of fingerprint matches.)
Fingerprint matching is at least backed by decades of experience and a fair amount of science. Other forms of biometric identification, such as face recognition in crowds, is far more problematical. As Adam Harvey pointed out in an Ignite talk at the Privacy, Identity, Innovation conference in Seattle last week, the current state of technology makes it all but impossible to capture useful biometric data without the cooperation of the target. You have to touch something, hold still for iris scanning, or at least look squarely into a camera with you face unobscured. At best, the data we collect from tens of thousands of surveillance cameras is good only for after-the-fact identification of suspects.
But the technology for on-the-fly biometric data capture is only going to get better. This, not Apple’s fingerprint scanner, is what poses the real threat to privacy and where the debate ought to focus.
Thanks for a clear and cool-headed description of the situation. Most of the discussion elsewhere seems to be guided either by religious faith or hysterics.
Assume you could get raw data of the sensor, you still need to convert that data back to a live finger in order to use it. I doubt you could take persons stem cell create a live finger with exact fingerprint all grown in a government lab.
Best a hacker can do is to replace your data with theirs which also need to go several hoops. All that without encryption and hash data which is even more difficult problem.
http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid
Looks like I spoke too soon.
It is broken already.
Spoofed, maybe. All you need is a high res photo of my fingerprint. Got one?
“It is broken already.” – dr.no
Define “broken”. Are locks “broken” because duplicate keys can be made?
Any security system can be beaten. Security is about making the cost so high that it’s not worth the effort.
The Chaos Computing Club hack is interesting. but this predictable assault does not significantly reduce the value of Touch ID. To get into my iPhone 5s, you need physical possession of my phone, a high-resolution photo of my registered fingers, and skill to make a latex cast of my finger. These requirements mean this is not a very practical attack.
OK, this is the kicker:
“iPhone users should avoid protecting sensitive data with their precious biometric fingerprint not only because it can be easily faked, as demonstrated by the CCC team.”
“Easily” faked? What I saw demonstrated, there was nothing “easy” about it. They also stretched the bounds of “materials found in any household”. Sure, I suppose EVERYONE has theatrical glue laying around. I don’t. And I work in the industry.
But let’s never mind the materials. That still takes a LOT of skill to make a _clean_ fake, even by their own description. Have you ever tried to _cleanly_ lift a finger print? Are _you_ good enough to clean up the digitized finger print in ANY photo editing software?
“Broken”. Hardly. Never mind “easy”. This is the work of pros.
Joe
The theft of the print itself also requires the active cooperation of the owner of the finger. Perhaps this could be obtained under duress, but it also argues against “easy.”
“The theft of the print itself also requires the active cooperation of the owner”.
No – I believe the print was lifted from a glass.
Or it might be lifted from the iPhone itself.
Really, using a fingerprint to secure a phone is like writing your PIN on the back of a bank card.
Of course this is assuming you are even able to get the _correct_ finger print, much less a clean or complete enough version of the correct finger print. I watched the video over at ars technica, too. So far all the “hacks” are in very controlled conditions, they know what they’ve done, where they’ve put the finger print in question, how well placed they made the finger print, and that it is the correct finger print. In both hacks I’ve seen, they both have active cooperation of the “owner” (usually themselves). “Trivial” to someone who has the time, inclination, and skills. In other words people already set out to do this kind of stuff and who probably have a whole toolbox full of ways they can hack anything.
Joe
AFAIK he provided a perfect print on a clean drinking glass of the correct finger.
Essentially, that is the perfect transfer medium, and counts as cooperation. The only thing he could done more was to get inked up and give a perfect fingerprint on paper.
From this everyone is leaping to the conclusion that you can just pull prints off the phone and unlock it. But a handled phone will be a mess of smudged overlapping partials. I doubt a CSI team would get lucky enough to find a clean enough print to unlock the phone, on the phone.
This is like the Bart Simpson defence:
“It won’t be spoofed!
I never said it couldn’t be spoofed!
It doesn’t really matter if it is spoofed!!!”
You don’t make up security as you go along. Apple should not release a “security” mechanism with no performance specs (just anecdotes about its liveness detection won’t be tricked by dead fingers), and then meekly wait for attacks and ad hoc rationalization that the security is still good enough.
Consumer biometrics is all about convenience, not security. And that would be fine if vendors were up front about it, but they’re not. And that’s the point of the “hacks”. They show that that biometric security is flaky: no standards, no meaningful specifications, no public threat & risk assessments, no test protocols, no way to quantify these vague soothing justifications that the fingerprint detector is “good enough”.
My first post on Touch ID called on Apple to be more transparent about the security mechanisms used in Touch ID. What we have learned since, unfortunately not in the form of official Apple statements, is generally encouraging, but I still wish they were more forthcoming.
That said, I don’t regard the fingerprint lift as a very serious threat. It does require the cooperation of the owner of the finger (or the incredible luck of finding a complete, perfect print of one of the phone owner’s registered fingers) and even then, the process of producing the fake print is difficult and exacting.
In security, the questions are always how good is the protection relative to the value of what it is protecting and how good is it compared to the alternatives? I think Touch ID will stand up well on both counts.
They proved they could fake a fingerprint (although it is not trivial) breaking into a device is far different.
I just couldn’t read past this aside: “read [link] for a deep dive into how the process works and why it is secure”.
If biometrics advocates are calling for “perspective” in the way critics use the CCC hack results, then by the same token, advocates must stop using the word “secure” without qualification. Maybe we can all agree that on its own “secure” is meaningless. All the more so with biometrics when there are no standards for real world performance testing, and no specifications for liveness detection.
One of my problems with the biometrics industry is vendors know there are no standards for what they do, and yet they continue to play fast and loose with words like “secure” and “unique” and “liveness detection”.
“Secure” in this case, has two senses. One is that the system can reliably authenticate the user, i.e., that it can keep false positives to a very low level. I do not believe the Chaos Computer Club hack changes that level of security significantly; the trick is simply too difficult to be a reasonable path of attack and there are alternative protections against the worst attacks. (Someone steals you iPhone at gunpoint and forces you to submit to having your fingers photographed. This works for as long as it takes for you to revoke the phone’s credentials.)
The second security issue is the protection of the biometric data stored in the phone (if it’s stored elsewhere, it’s not secure, as far as I am concerned.) This is harder to test, but it looks like Apple has done a good job protecting the data.
There is no perfect security. It is all stochastic. I ideal in any security system is to make the cost of breaking it greater than the value of what you are protecting. We can’t always achieve that, but good security raises the costs to attackers.
In the case of the iPhone, we also have to compare what Apple has provided what was available before. For phone access, Touch ID is unquestionably stronger than nothing, which was the case on about half of all iPhones, or the passcode, usually four digits, on the rest. It is also stronger than the reusable passwords for access to the iTunes Store. Is it strong enough to protect nuclear launch codes? No, but that isn’t what it is being asked to do.
Great article Steve.
Excellent article and it is sad it is necessary
I think you don’t only have to look at fingerprint technology, but also how it is implemented in a system.
In Apple’s case the fingerprint is backed up by a password and other security measures, and it times out, so a possible infiltrator has to be pretty quick in getting a clean print of you, make a fake thumb etc.
The implementation and combination with other security features that are already established, mature technologies makes it or breaks it imho.
Hey very cool blog!! Man .. Beautiful .. Amazing .. I will bookmark your I’m happy to find so many useful info here in the post, we need develop more techniques in this regard, thanks for sharing. . . . . .
Thank you so much for providing individuals with a very splendid opportunity to read critical reviews from this website. It’s usually very useful and also jam-packed with a great time for me and my office acquaintances to search the blog the equivalent of three times per week to read through the newest tips you will have. And indeed, I’m so certainly happy with the wonderful knowledge served by you. Certain 1 tips in this article are ultimately the most impressive I’ve had.
You forgot something 🙁
adana escort baby
Some really excellent info, Sword lily I detected this.
This post post made me think. I will write something about this on my blog. Have a nice day!!
I’m not butting in.. but are you sure with reference to this? It maybe kinda overdone and I’m worried about you :/
I am extremely impressed along with your writing talents and also with the structure to your blog. Is this a paid subject matter or did you customize it your self? Either way keep up the nice high quality writing, it is uncommon to peer a nice blog like this one these days..
This is such a great resource that you are providing and you give it away for free. I love seeing blogs that understand the value. I’m glad to have found this post as it’s such an interesting one! I am always on the lookout for quality posts and articles so write my assignment for me I suppose im lucky to have found this! I hope you will be adding more in the future…
This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value. Im glad to have found this post as its such an interesting one! I am always on the lookout for quality posts and articles so i suppose im lucky to have found this! I hope you will be adding more in the future…
It’s nice to see the best quality content from such sites.
If you are calling a regular phone number, the signal is converted to a regular telephone signal before it reaches the destination
You have given very good information about Biometrics in this article which I have benefited from. Now I will suggest you to use this Taylor Swift Dysphoria Hoodie to update your fashion in this winter season.
You have given very good information about Biometrics in this article which I have benefited from. Now I will suggest you use this Taylor Swift Dysphoria Hoodie to update your fashion in this winter season.
great
I am really inspired with your writing talent well with the layout to your weblog. Is this a paid topic or did you modify it do my assignment your self? Anyway stay up the excellent high quality writing, it’s rare to peer a great blog like this one nowadays.
I am really inspired with your writing talent well with the layout to your weblog. Is this a paid topic or did you modify it do my assignment your self? Anyway stay up the excellent high quality writing, it’s rare to peer a great blog like this one nowadays.
I read your blog very well and I keep reading this blog and I visited your blog for the first time and I like your blog very much now I want to talk to you about fashion. Try this North Carolina A&T Blue Varsity Jacket in winter.
Aajjo Business Solutions Private Limited stands at the forefront of India’s digital marketplace, pioneering innovative solutions and connectivity for businesses. Renowned for its cutting-edge technology and comprehensive platform, Aajjo facilitates seamless transactions, fosters business growth, and empowers enterprises to thrive in the dynamic landscape of the digital economy.
At Insurance Genie, we specialize in delivering cost-effective car insurance solutions in Hamilton. Our commitment is to make quality coverage accessible to all drivers. Drive with savings and security—choose Insurance Genie for your insurance needs.
Welcome .I am very gentle and romantic girl.be sure to write me!
Biometrics is one such method. From which you learn how to recognize the different aspects of human life. I got very good information about Biometrics from your post. And now I will suggest you to use this LA Angels Retro Varsity Jacket.
Biometrics is one such method. From this you learn how to recognize the different aspects of human life. I got very good information about Biometrics from your post. And now I will suggest you to use this LA Angels Retro Varsity Jacket.
Biometrics is one such method. From this you learn how to recognize the different aspects of human life. I got very good information about Biometrics from your post. And now I will suggest you to use this LA Angels Retro Varsity Jacket.
This is a wonderful article, Given so much info in it, These type of articles keeps the users interest in the website, and keep on sharing more … good luck.
This is a wonderful article, Given so much info in it, These type of articles keeps the users interest in the website, and keep on sharing more … good luck. david martinez jacket
In architecture and interior design, a custom design typically involves creating a unique structure, layout, or set of features that are tailored to the needs and desires of the client. This may include customizing the floor plan, selecting specific materials, and incorporating personalized elements to reflect the client’s individual style and preferences.
You have very good information about Biometrics in your post and your content is very well written. And now I will ask you to try this Huni Hoodie in this winter season.
If you are wearing a black jacket, it will be fine. And if you’re looking for such a jacket, I’ll give it to you. And this Ralph Lauren NY Yankees Black Letterman Jacket is the best of your choice. And it protects you from the cold.
If you are wearing a black jacket, it will be fine. And if you’re looking for such a jacket, I’ll give it to you. And this Ralph Lauren NY Yankees Black Letterman Jacket is the best of your choice. And it protects you from the cold.
I love to meet new people and have fun with them. I like to chat, free adult live chat in front of the cam and shoot clips. I am open for new adventures 🙂
Thanks for sharing this valuable information! ebook writing services
Your dedication to quality shines through your content