Tag Archives: fingerprint

Biometrics Run Amok: Your Heartbeat ID, please

Before pulling the trigger, a sniper planning to assassinate an enemy operative must be sure the right person is in the cross-hairs. Western forces commonly use software that compares a suspect’s facial features or gait with those recorded in libraries of biometric data compiled by police and intelligence agencies. Such technology can, however, be foiled by a disguise, head-covering or even an affected limp. For this reason America’s Special Operations Command (SOC), which oversees the units responsible for such operations in the various arms of America’s forces, has long wanted extra ways to confirm a potential target’s identity. Responding to a request from soc, the Combating Terrorism Technical Support Office (CTTSO), an agency of the defence department, has now developed a new tool for the job.

This system, dubbed Jetson, is able to measure, from up to 200 metres away, the minute vibrations induced in clothing by someone’s heartbeat. Since hearts differ in both shape and contraction pattern, the details of heartbeats differ, too. The effect of this on the fabric of garments produces what Ideal Innovations, a firm involved in the Jetson project, calls a “heartprint”—a pattern reckoned sufficiently distinctive to confirm someone’s identity.

To measure heartprints remotely Jetson employs gadgets called laser vibrometers. These work by detecting minute variations in a laser beam that has been reflected off an object of interest. They have been used for decades to study things like bridges, aircraft bodies, warship cannons and wind turbines—searching for otherwise-invisible cracks, air pockets and other dangerous defects in materials. However, only in the past five years or so has laser vibrometry become good enough to distinguish the vibrations induced in fabric by heartprints….

Candice Tresch, a spokeswoman for the cttso…. cannot discuss the process by which heartprint libraries might be built up in the first place. One starting point, presumably, would be to catalogue the heartbeats of detainees in the way that fingerprints and dna samples are now taken routinely.

Excerpts from Personal identificationPeople can now be identified at a distance by their heartbeat, Economist, Jan 23, 2020

The Biometrics Bonanza: Measuring and Identifying Humans

Many African  governments have unwisely bought biometric proprietary systems of private companies, meaning that they are forced to go back to the seller for maintenance, upgrades and new components. That can be expensive. When Nigeria wanted to use its own card-printing machines, the firm that had sold it software tried to insist that Nigeria buy its machines as well… They eventually got help from Pakistan, which had software that worked on any machine.

But there are signs of change coming from within the industry itself, spurred by developments in an entirely different part of the world: India. Like Africa, it is vast, poor and home to more than a billion people. Yet as a single country India has tremendous negotiating power. When India developed its “Aadhaar” identity programme it invited leading firms to bid—but with the caveat that they provide open-source software, or code that can be examined and changed by others. This allowed engineers to knit together different bits of a system such as databases, enrollment software, fingerprint scanners and so on. The suppliers agreed because they did not want to miss out on the biggest identity bonanza the world had ever seen. Moreover, India’s spending led to a big increase in production, which caused prices to fall across the industry.

Even as governments think about the technical problems of recording identity, they also need to grapple with the far more consequential ones around rights, governance and privacy. The starkest warning of the misuse of identity was in the Rwandan genocide, where ID papers listed ethnicity, making it easy to target Tutsis. Since data on religion and ethnicity are not needed to provide services, governments should not be hoovering it up.

States should also be wary of denying people their rights by creating a class of citizens without papers. In Kenya, for example, the government wants everyone to register for ID  cards, but it discriminates against members of the Nubian minority by forcing them to appear before a security panel to prove their nationality. Modern identity systems promise to bring many benefits to Africa. But as they proliferate, so too will the temptation for politicians to misuse them

Excerpts from Identity Documentation in Africa: Papers Please, Economist, Dec. 7, 2019

Who Owns Your Voice? Grabbing Biometric Data

Increasingly sophisticated technology that detects nuances in sound inaudible to humans is capturing clues about people’s likely locations, medical conditions and even physical features.Law-enforcement agencies are turning to those clues from the human voice to help sketch the faces of suspects. Banks are using them to catch scammers trying to imitate their customers on the phone, and doctors are using such data to detect the onset of dementia or depression.  That has… raised fresh privacy concerns, as consumers’ biometric data is harnessed in novel ways.

“People have known that voice carries information for centuries,” said Rita Singh, a voice and machine-learning researcher at Carnegie Mellon University who receives funding from the Department of Homeland Security…Ms. Singh measures dozens of voice-quality features—such as raspiness or tremor—that relate to the inside of a person’s vocal tract and how an individual voice is produced. She detects so-called microvolumes of air that help create the sound waves that make up the human voice. The way they resonate in the vocal tract, along with other voice characteristics, provides clues on a person’s skull structure, height, weight and physical surroundings, she said.

Nuance’s voice-biometric and recognition software is designed to detect the gender, age and linguistic background of callers and whether a voice is synthetic or recorded. It helped one bank determine that a single person was responsible for tens of millions of dollars of theft, or 18% of the fraud the firm encountered in a year, said Brett Beranek, general manager of Nuance’s security and biometrics business.

Audio data from customer-service calls is also combined with information on how consumers typically interact with mobile apps and devices, said Howard Edelstein, chairman of behavioral biometric company Biocatch. The company can detect the cadence and pressure of swipes and taps on a smartphone.  How a person holds a smartphone gives clues about their age, for example, allowing a financial firm to compare the age of the normal account user to the age of the caller…

If such data collected by a company were improperly sold or hacked, some fear recovering from identity theft could be even harder because physical features are innate and irreplaceable.

Sarah Krouse, What Your Voice Reveals About You, WSJ, Aug. 13, 2019

Watching your Internet Fingerprint

The current standard method for validating a user’s identity for authentication on an information system requires humans to do something that is inherently difficult: create, remember, and manage long, complex passwords. Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard. Thus, unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console.

The Active Authentication program seeks to address this problem by developing novel ways of validating the identity of the person at the console that focus on the unique aspects of the individual through the use of software-based biometrics. Biometrics is defined as the characteristics used to uniquely recognize humans based upon one or more intrinsic physical or behavioral traits. This program focuses on the computational behavioral traits that can be observed through how we interact with the world. Just as when you touch something with our finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a “cognitive fingerprint.”

This BAA addresses the first phase of this program. In the first phase of the program, the focus will be on researching biometrics that does not require the installation of additional hardware sensors. Rather, DARPA will look for research on biometrics that can be captured through the technology already in use in a standard DoD office environment, looking for aspects of the “cognitive fingerprint.” A heavy emphasis will be placed on validating any potential new biometrics with empirical tests to ensure they would be effective in large scale deployments.

The later planned phases of the program that are not addressed in this BAA will focus on developing a solution that integrates any available biometrics using a new authentication platform suitable for deployment on a standard Department of Defense desktop or laptop. The planned combinatorial approach of using multiple modalities for continuous user identification and authentication is expected to deliver a system that is accurate, robust, and transparent to the user’s normal computing experience. The authentication platform is planned to be developed with open Application Programming Interfaces (APIs) to allow the integration of other software or hardware biometrics available in the future from any source.

The combined aspects of the individual that this program is attempting to uncover are the aspects that are the computational behavioral “fingerprint” of the person at the keyboard. This has also been referred to in existing research as the “cognitive fingerprint.” The proposed theory is that how individuals formulate their thoughts and actions are reflected through their behavior, and this behavior in turn can be captured as metrics in how the individual performs tasks using the computer.

Some examples of the computational behavior metrics of the cognitive fingerprint include:

− keystrokes

− eye scans

− how the user searches for information (verbs and predicates used)

− how the user selects information (verbs and predicates used)

− how the user reads the material selected

• eye tracking on the page

• speed with which the individual reads the content

− methods and structure of communication (exchange of email)

These examples are only provided for illustrative purposes and are not intended as a list of potential research topics. The examples above include potential biometrics that would not be supported through this BAA due to a requirement for the deployment of additional hardware based sensors (such as tracking eye scans).

Excerpt from, Broad Agency Announcement, Active Authentication, DARPA-BAA-12-06, January 12, 2012

On Feb. 12, 2013, two groups announced related projects. The first is an industry group calling itself the FIDO (Fast IDentity Online) Alliance. It consists of the computer-maker, Lenovo, the security firm, Nok Nok Labs, the online payment giant, PayPal, the biometrics experts, Agnito, and the authentication specialists, Validity. The second is the Defense Advanced Research Project Agency (DARPA), a research and development arm of the Defense Department.

Excerpt from DARPA, FIDO Alliance Join Race to Replace Passwords, CNET, Feb. 12, 2013