Wednesday, October 24, 2007

Fingerprint system fails to identify black-listed soccer fans

Published 23 October 2007

Dutch researchers test the reliability of finger print biometrics by placing finger print scanner at three Dutch soccer stadiums for the purpose of identifying more than 6,000 "black listed" volunteers; the fingerprint system failed to spot 15 percent to 20 percent of those on a volunteer black-list

This is a story about football, but it has implications beyond the beautiful game. A fingerprint recognition system failed to prevent black-listed fans from entering football grounds and was easily fooled by simple spoofing techniques, according to a trial by Dutch research organisation TNO (organization's motto: "Kennis voor zaken"). Jurgen den Hartog, who undertook the research, said that with a false positive rate of 0.1 percent -- a low rate being a requirement for such a system, given the number of supporters and the fact that false positive could make for trouble -- the fingerprint system failed to spot 15 percent to 20 percent of those on a volunteer black-list, recruited to test the technology, a level he described as "unexpected." "This has serious implications for a lot of other negative identification scenarios," den Hartog told a session of the Biometrics 2007 conference in Westminster last week. "It's very easy not to look like yourself, so I wonder what the impact of these results will be on other programmes."

InfoSecurity's S. A. Mathieson writes that negative identification fails if a black-listed person can fool the system into thinking they are not on that list, involving technically challenging one-to-many checks. Identity verification checks, such as with passports, require only a one-to-one check that the biometric recorded matches the individual, and fails only if someone else's identity is hijacked. Den Hartog said that fooling the fingerprint systems, LScan 100 scanners provided by NEC and HSB, proved easy for the volunteers, who were asked to attempt such spoofing. They used techniques including latent fingerprints on sticky tape and a layer of glue on fingers: "The trick is, do not press too hard," he said of the latter. Both techniques also fooled a spoof-resistant scanner from Lumidigm in TNO's labs. Furthermore, the tests brought up other problems: the devices could check twelve fans a minute at best, but as few as four or five a minute on one occasion when it was in direct sunlight by Feyenoord's ground (Giovanni van Bronckhorst, one of our favorite footballers, is playing for the Rotterdam club). "The french fries stand outside the stadium couldn't do business any more, because of the queue for our gate," den Hartog said. "The live system did not meet important requirements of speed, accuracy and robustness against manipulation," den Hartog concluded. "I think speed and accuracy can be solved, but robustness against manipulation really remains a challenge."

The research involved 6,400 checks at 26 matches at three Dutch football clubs. TNO chose fingerprints in preference to iris or facial recognition, on a range of criteria including speed, reliability, and proof against being fooled.



Post a Comment

<< Home

Made4biz Security Translating real-world security knowhow into state of the art security systems.
Made4biz Security

Turn on Sound for Demos:
Bill Gates Demo (Location-based)
Elvis Demo (Location/Context-based)
Clint Eastwood Demo (Temporal-based)

Powered by Blogger

Subscribe to
Posts [Atom]

Technorati Profile

RSS Syndication

Made4Biz Security Inc