Researchers at Clarkson University appear to have confirmed what a number of recent experiments into the reliability of biometrics have strongly hinted at – in its current form it can be easily, almost routinely, fooled.
With funding from the National Science Funding Foundation (NSF) behind them, as team at the University investigated the “legal and privacy issues raised from broader applications of biometric system technology in airport security, computer access, or immigration.”
The major area of enquiry was fingerprint technology. Casts were made of live fingers using kiddie Play-Doh, and the team even went to the extreme of taking fingers from cadavers, all to test how easily the systems could be spoofed. From 60 samples, a shocking false verification rate of 90 percent was achieved.
This rate was reversed when the experiments were conducted again with the addition of a new system developed by the University for detecting real fingerprints using patterns of sweat found on live or real fingers. That still left a false verification rate of 10 percent, however.
The University didn’t name the system or systems tested.
It will be heartening to anyone who advocates finger biometrics that there is clearly room for improvement. Add in a metric that verifies whether the fingerprint is from a real, live person, and the system works tolerably well. Equally, “tolerably well” isn’t really good enough in the context of the problem the technology claims it can solve, that of helping to layer security in key locations such as airports or buildings.
By coincidence, Lenovo out a press release this week hailing the fact that it had shipped the 1 millionth Thinkpad with an integrated fingerprint reader. These are used in conjunction with passwords, so it is fair to say that fingerprint biometrics are certainly no less secure than conventional PCs which don’t have the systems.
But are they really worth paying a premium for, even if they do act as a deterrent? It is all about how one assesses the willingness of criminals or hackers to undermine the system. We’ve seen that consistently underestimated in the past.