Afingerprint recognitionsystem failed
to prevent black-listed fans from entering football grounds and was
easily fooled by simple spoofing techniques, according to a trial
by Dutch research organisation TNO.
Jurgen den Hartog, who undertook the research, said that with a
false accusation rate of 0.1% - a low rate being a requirement for
such a system, given the volume of supporters and the fact that
false accusations could spark trouble - the fingerprint system
failed to spot 15% to 20% of those on a volunteer black-list,
recruited to test the technology, a level he described as
"unexpected".
"This has serious implications for a lot of other negative
identification scenarios," den Hartog told a session of the
Biometrics 2007 conference in Westminster on 18 October. "It's
very easy not to look like yourself, so I wonder what the impact of
these results will be on other programmes."
Negative identification fails if a black-listed person can fool
the system into thinking they are not on that list, involving
technically challenging one-to-many checks. Identity verification
checks, such as with passports, require only a one-to-one check
that the biometric recorded matches the individual, and fails only
if someone else's identity is hijacked.
Den Hartog said that fooling the fingerprint systems, LScan 100
scanners provided by NEC and HSB, proved easy for the volunteers,
who were asked to attempt such spoofing. They used techniques
including latent fingerprints on sticky tape and a layer of glue on
fingers: "The trick is, do not press too hard," he said of the
latter. Both techniques also fooled a spoof-resistant scanner from
Lumidigm in TNO's labs.
Furthermore, the tests brought up other problems: the devices
could check 12 fans a minute at best, but as few as four or five a
minute on one occasion when it was in direct sunlight by
Feyenoord's ground. "The french fries stand outside the stadium
couldn't do business any more, because of the queue for our gate,"
den Hartog said.
"The live system did not meet important requirements of speed,
accuracy and robustness against manipulation," den Hartog
concluded. "I think speed and accuracy can be solved, but
robustness against manipulation really remains a challenge."
The research involved 6400 checks at 26 matches at three Dutch
football clubs. TNO chose fingerprints in preference to iris or
facial recognition, on a range of criteria including speed,
reliability and proof against being fooled.
This article first appeared on the web-site of Infosecurity
magazine, http://www.infosecurity-magazine.com/