Apples iPhone 5S Unveiling
Apple’s new iPhone 5S unveiled by its VP Phil Schiller now contains Fingerprinting capabilities bringing back the discussion if this technology is secure and the privacy implications that come along with this.
Apple has said that it won’t store fingerprint data on its servers — only on the devices themselves, encrypted and locked within the A7 chip. But consumers may still want to think carefully before allowing their phone, and Apple’s App Store, to gain access to such unique identifying information.
The touch ID fingerprint sensor will be built into the home button. It will scan fingerprints in any orientation and fingerprint layers. It can be used it to unlock your phone or make iTunes purchases without entering a password.
So what does Fingerprint Biometric Security look for?
This is the technology Apple intends to use. So that a password will not be needed. For added security a Password/Pin should also be used. So the Fingerprint would Identify the user and the Pin would Authenticate the user, but this is not the case here.
Unlike a password which would be ‘What you know’.
With passwords alot of people are trying to find alternatives. This can be using the likes of a pass-phrase or in this case biometrics.
‘What you have’ could be a swipe-card or an RSA Key.
- What you have
- What you know
- Who you are
When a fingerprint is scanned it look at all aspects of its design and edges.
- Crossover: two ridges cross each other
- Core: center
- Bifurcation: ridge separates
- Ridge ending: end point
- Island: small ridge b/w 2 spaces
- Delta: space between ridges
- Pore: human pore
Advanced Minutiae Based Algorithm
- Minutiae Coordinate and Angle are calculated
- Core is used as center of reference (0,0)
- Used to match fingerprint
- Trade-off between speed and performance
- Group minutiae and categorize by type
- Large number of certain type can result in faster searches
How to Hack proof Biometric Security
Once the iPhone 5S is released and been tested 🙂 I am sure many juicy details and hacking techniques will be released.
Example of some ways of protecting against the faking of a Bio Fingerprint could be:
- Cannot steal from previous user
- Latent print residue (will be ignored)
- Cannot use cut off finger
- Heartbeat sensors
- Blood flow