University of Buffalo researchers say they have put their fingers on a way to improve security of wireless handheld devices and Web sites.
The findings could also help eliminate the need to remember a dizzying array of passwords and aid forensics specialists, according to Venu Govindaraju, a University of Buffalo professor of computer science and engineering, and director of the school’s Center for Unified Biometrics and Sensors (CUBS).
The research specifies how big a keypad sensor needs to be and how big a fingerprint image should be, as a key shortcoming of biometric systems now is that sensors often only can take partial fingerprints, Govindaraju says. Enabling more complete fingerprinting will let companies better gauge the level of security they can provide, he says.
“For the first time, we have determined the minimum surface area required for fingerprint scanning in order to achieve a level of security that is roughly comparable to the security achieved with a six-letter password,” Govindaraju says in a statement regarding the researchers’ Automated Partial Fingerprint Identification algorithm.
The algorithm also takes into account the fact that even a legitimate fingerprint doesn’t always look the same due to the way a person presses on a pad or because of moisture or other factors.
The researchers’ work has been published in the journal Pattern Recognition and a patent has been filed on this technology.
Concerns about fingerprinting in biometrics were raised recently on a security panel at the Demo 2006 conference in Phoenix. The problem with biometrics, agrees the panel, is that once a thief learns how to reproduce a fingerprint, the owner can’t change the original.
Technology is being developed that doesn’t take a picture of the finger but some small measurements of the finger’s characteristics, says panelist Charles Palmer, manager of the security, networking and privacy departments at IBM’s Thomas J. Watson Research Center. He adds that four per cent of people can’t produce good fingerprints and that pineapple juice can temporarily remove a person’s fingerprint.
Another promising area is challenge-response biometrics, says panelist Partha Dasgupta, an associate professor with Arizona State University’s Fulton School of Engineering.
Instead of matching a spoken word or phrase to one previously recorded, the phrase is changed every time so a thief can’t record the phrase and replay it over and over to gain access to protected data. “That’s much more sophisticated, and much more complicated,” he says.
Universities are a hotbed for network security research these days. Among recent advances are those in the use of “photonic decoys” to thwart hackers and “active cookies” to foil phishers and pharmers.