Schneier on Security
A blog covering security and security technology.
« The Inner Workings of an FBI Surveillance Device |
| Mobile Phone Privacy App Contest »
May 17, 2011
Fingerprint Scanner that Works at a Distance
Scanning fingerprints from six feet away.
Slightly smaller than a square tissue box, AIRprint houses two 1.3 megapixel cameras and a source of polarized light. One camera receives horizontally polarized light, while the other receives vertically polarized light. When light hits a finger, the ridges of the fingerprint reflect one polarization of light, while the valleys reflect another. "That's where the real kicker is, because if you look at an image without any polarization, you can kind of see fingerprints, but not really well," says Burcham. By separating the vertical and the horizontal polarization, the device can overlap those images to produce an accurate fingerprint, which is fed to a computer for verification.
No information on how accurate it is, but it'll only get better.
Posted on May 17, 2011 at 7:46 AM
• 43 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Coming next - cloning fingerprints at a distance.
Same concept as when I warn people about things like collecting too much information. They may accurately say things like "we don't have the ability to process that much data." To which I say they should finish the sentence with "yet."
It wasn't too long that a terabyte would have been a science fiction fantasy.
Does this make it possible to fingerprint someone without their knowledge?
The article seems to indicate that a source of polarized light is needed.
But if the fingerprints ridges/valley favor one polarization over another in their reflections, can the filtered cameras recover fingerprints from non-polarized light?
@karrde it has been possible to fingerprint someone for a very long time without their knowledge, this just makes it faster and automated.
I can't wait until the CSI writers get wind of this. Of course, their version will be able to identify fingerprints from half a dozen pixels taken by a grainy security camera...
@karrde: it appears that the machine has its own source of polarized light.
Also, there are lots of ways to take fingerprints without the subject knowing: just lift a print from something that they've touched (like a drinking glass or something else smooth). As Mr. Granade points out, this just makes it possible to record fingerprints wholesale.
1.3 megapixel seems to be about half a dozen...
I just imagine that with higher resolution (and good lenses) e.g. Two Smartphone cams CSI will be able to identify fingerprints from half a mile away.
This technique ought to work extremely well with the raised lettering on credit cards, too.
Isn't this almost bye-bye to biometric security. Imagine, you have an building protected with biometrics. You park for example an car with this device build in near the building, let it scan all the fingers it can detect. And record the ppl movement via other cams.
Once you have one, you can create a fake fingerprint and get access.
Lot easier then trying to find a glass, table, door handle etc that was held by somebody identified earlier.
1.3 mpixels should be ore then enough,given a proper optical path (i.e. not a wimpy cellphone lens).
It's just that people have been brainwashed into wanting more and more megapixels, even if the objective is not able to produce that resolution due to diffraction and other optical aberrations.
I think it would be more accurate to say that it is receiving an image through a polarized filter. Ambient light is sufficient.
Although, it would be interesting to defeat this by carrying around a strong source of polarized light. If the polarization of your light source lines up with one of the cameras on the device, it might make it harder to correlate the "bright" and "dim" images.
Is this thing for real ? Anyone seen it ?
@Chelloveck: "I can't wait until the CSI writers get wind of this. Of course, their version will be able to identify fingerprints from half a dozen pixels taken by a grainy security camera..."
Too easy. In their script, they'll take fingerprints from reflections off rear view mirrors in a dark parking garage and acertain the real culrpit is the suspects long lost evil identical twin brother thought to have died at birth who was really kidnapped by a post partpartenly depressed nurse who lost her fertility when the doctor she was working for drugged her to abort their child so his wife wouldn't find and he would have gotten away with it if he wouldn't have kicked the suspects dog and started an altercation resulting in his death.
Cue the famous satellite zoom-in sequence...
Simultaneous reception of multiple light polarizations?
Sounds like someone has been inspired by mantis shrimp eyes!
Nah, you've got it wrong. 'Ripped from the headlines' is the signature of the L&O series of shows.
Isn't the result a derivative work? That is, producing a computer generated result from a (questionable) original input? We have already seen how DNA can be manipulated to indicate a match. They already do this with license plates and pretend they are one and the same as yours? This type of result needs corroborating evidence to substantiate the allegation. This is also done (image enhancement) in satellite photography and serves as a useful tool but not courtroom evidence.
Time to start wearing thick gloves all year long.
I sure wish they'd shown an actual fingerprint image.
I'd been meaning to buy some gloves...
Sounds like they died from... complications.
Interesting technique, the implication of which being that once adopted by TSA and the like, wearing gloves will earn you an extra check on the list of surveillance drones.
Hawkins Dale: "Also, there are lots of ways to take fingerprints without the subject knowing: just lift a print from something that they've touched (like a drinking glass or something else smooth)."
They did this in National Treasure (2004).
Even better, there are reports that latent fingerprints left on the readers themselves can be used to gain entry. Just breathe on them, or carefully press a piece of plastic film onto the pad. This would hopefully not work on readers that use static voltage or other features to perform "live sample detection".
Off topic, but related to fingerprints, this is interesting:
The Israeli government recently turned down a suggestion by renowned Prof. Adi Shamir for a secure fingerprints database, and decided to opt for a less-secure solution.
@Serian "They did this in National Treasure (2004)."
And Jill St John did the same in Diamonds are Forever (1971) in her underwear. You can keep your fancy new stuff. The old ways are best.
How's the quote go? Technology has given us the ability to contol everything except technology.
In Regency England, the fashion (at least among the ton) was for men and women always to wear gloves. I guess they were smarter than we are.
@BF Skinner: "And Jill St John did the same in Diamonds are Forever (1971) in her underwear."
And James Bond foiled this by pasting latex copies of the fingerprints of the guy he was impersonating over his own fingers.
@Alan Kaminsky "James Bond foiled this"
There was more to the movie after that?
Are you sure?
You're putting me on.
Nobody has yet asked the really important question. Can fake gummy bear fingerprints fool this system?
Interesting story. A mate of mine is a PhD researcher and has just published their latest research on fingerprint analysis, investigating how accurate fingerprint experts actually are. Fortunately, it seems they're not too bad, but they still do make mistakes - there's a summary article here: http://www.sciencedaily.com/releases/2011/05/...
BF Skinner: So you missed the scene where Jill was on a waterbed in her birthday suit (covered by fur blankets, of course)? Or the bikini with the tape cartridge sticking out of her butt when they were on Blofeld's oil rig operational site? Not to mention Natalie Wood's VERY busty sister, Lana, as "Plenty O'Toole"?
You really need to see that movie again! :-)
As for fingerprint foiling, I've heard using what is called "Liquid Bandage", a liquid that is painted on the fingers and forms a protective rubbery layer which is mostly unnoticeable (but smells bad), can be used to obliterate fingerprints without wearing clothes. Other people allegedly use cobblers cement.
I wonder if that sort of stuff would mess up the long-range fingerprint scan, too.
OTOH, if someone is trying to print you from a distance, and they can't get a decent print because you foiled it, well, if you weren't under suspicion before, you are now. :-)
So, yeah, it would probably be better to do what Bond did and use someone else's fingerprints.
But that person better look like you because when they run the prints through the database and the picture comes back as a 250 pound black guy and you're a 150 pound white guy, well...
Frankly, your best bet is just shoot the son-of-a-bitch trying to fingerprint you...if you notice him, of course.
To quote a friend:
"WHAT IN THE WORLD?!".
You all sure are paranoid.
So, let's say I wack someone. Then I take my kid to the park the next day. Are you jamokes trying to tell me some pinhead cop is gonna be sitting in his car aiming some shiny thing at my hands? Which hang by my hips?
So some strange dude's got a camera pointed at me and my kid? Eh, well, I don't know which of us it is, do I? But I'm the protective type, so I give the nod and Tony and Vinny slip up, bash his head in, and take his toy.
You guys need to just relax. You watch too many movies.
@RSH "really need to see that movie again"
I do recall Bond breaking in to Willard Wyte's Space thingamajig factory. One of the best examples of tailgating (with thanks to Ed Bishop) I've ever seen. Use it in your AIS briefings.
@trog "mate of mine is a PhD researcher and has just published their latest research "
Thanks and that's an interesting article but could you post a citation to Tangen et al.'s published paper? All Science Daily says is that it will be published eventually in Psychological Science.
@Chilly Willy "Time to start wearing thick gloves all year long."
Time for _Obama_ to start wearing gloves. Or some "journalist" takes a snapshot and soon, every crook will be wearing latex gloves with the president's fingerprints.
@ BF Skinner, Richard Steven Hack,
Somewhat seriously, I wonder what are the legal ramifications of going about in public, even doing non-contracual business, in disquise? Knowing, as noted above (@D Praet), that such behavior will get you on someone's list.
Spell check, spell check, speel check.
@echowit "Pix?? . . . will get you on someone's list."
Don't Google image them. I can't believe the amount of phony infected PC popup's infecting images out there.
Re: Legal ramification while you might end up on a list of interesting persons most likely nobody except Mrs Kavitz will notice. Even then I think the argument is the same as changing your name. Here in the US you can call yourself anything you like and it's legal as long as it's not advancing a fraud.
+1 for the Mrs.Kravitz reference.
Mr. K vs Mrs. K. Good times, good times...
I wonder where Aunt Hagatha would fit into all this.
( Please don't say,"Falling into message boards where she doesn't belong." )
Dip finger in highly combustible/inflammable liquid
Ignite liquid with laser
Record spectrum of gasses released at combustion
Program an array of lazers to fire their beams in a line
Create a device which change the direction of the laser arrays through angling crystalline or via carbon-silica nanotubes
step 6) create enough arrays so that each 'line' of scanning beams is one femtosecond in scanning position behind the last scan.
power the device so that each beam is energetic enough to evaporate the combustible liquid in a manner which causes the liquid to immediately become a gas and then ignite
record the data
Science I don't know! Have each laser array read the spectrum of the liquid, evaporated gas and combusted product, as well as record the spectrum of the heat and light created from the ignition
Not only read individual fingerprints, as the finger and skin will cause unique results in 3 Dimensional Graphical space ( for each spectrum and heat signature - and femtosecond difference between occurrences of such), but will also hint at the person's habits, health and personal dermal excretion
Make your finger feel as if it is burning every time you need authorization!
Come up with another idea off the top of your head and profit.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.