Friday, March 24, 2006

WiMAX arrives in London

Urban WiMAX is offering what it calls "the U.K.'s first true WiMAX services"--for free. The "free" in "free service" applies to yet another WiMAX trial period, but this trial is more advanced than other WiMAX trials now being conducted in the U.K. by Libera in London, Telabria in Kent, Pipex in Stratford and Metranet in Brighton. Urban WiMAX says the difference lies in the fact that the trial is based on 802.16d standard kit, not on pre-WiMAX, and that there will be a smooth change from a free service starting in April to a paid-for service in July. The company says its charges will be 50 percent to 70 percent of BT's SDSL prices at wholesale levels. This means that users would be paying from around £50 a month for 1 Mbps symmetrical service, with higher prices for rates up to 10 Mbps. A price chart suggests the prices might be as high as £100 and £200 a month, respectively, for 2 Mbps and 4 Mbps services, but a company spokesperson says any price could be reduced to keep its promise of undercutting the competition.
The company's Web site estimates the value of the free installation, hardware and three months free trial at £1,353 and says subscribers have no obligation to continue at the end of the trial. Urban WiMAX expects to offer a two-year contract, with no installation fee. We note that the company does not reveal what vendor it is using for the gear it offers. We also note that the company is serious: Its Web site includes an advanced postal zip code checker, which takes into account hills, trees and contour lines in order to include line-of-sight connection. Techworld Mobility reports that its office on Brixton Hill passed the test (they can see the London Eye from their roof).
For more on Urban WiMAX London trial
PLUS: It appears that BellSouth is investigating WiMAX technology for the purpose of providing high-speed Web services in areas where its wired network has been damaged, degraded or has not yet been built-up. Testing will soon begin at the company\'s labs, with live testing to\nfollow in the fall. The 1.5 Mbps service will be transmitted using the 2.3 GHz spectrum. BellSouth was the first major phone company to offer a commercial wireless broadband service based on WiMAX-like technology. Report

Al Rajhi Bank deploys biometric ATMs

http://thebiometrix.com/viewtopic.php?p=754#754
Al Rajhi Bank deploys biometric ATMs
21st March 2006

Saudi Arabia's Al Rajhi Bank has struck a deal with Diebold, a self-service and security systems provider, for the provision of its self-service biometric automated teller machines (ATMs). Diebold's biometric Opteva ATMs will be deployed at social security offices throughout Saudi Arabia, where 400,000 retirees will use the unique geometry of the index finger in conjunction with a magnetic stripe card to access monthly retirement payments. The biometric technology replaces the use of personal identification numbers (PINs) with authentication of identity. Diebold Professional Services will manage the implementation of 82 biometric terminals, providing overall development of the biometric software solution, and will create a customized user interface in the local language. Suliman Al Obaid, general manager of IT at Al Rajhi Bank, said: "Diebold's biometric ATMs will allow us to expand our business by distributing government-mandated pension payments on a monthly basis. Our biometric program may be expanded to include the enrolment of other customers in rural areas who are unfamiliar with the use of PINs."

Thursday, March 23, 2006

Conferences 2006

· SPIE Biometric Technology for Human Identification III, April 17-21, 2006, Orlando, Florida
http://spie.org/Conferences/Calls/06/dss/conferences/index.cfm?fuseaction=OR36
· 3rd Summer School for Advanced Studies on Biometrics for Secure Authentication, June 5–9, 2006, Alghero, Italy.
http://www.computer-vision.191.it/Biomet-School.html
· ICPR 2006, August 20-24, 2006, Hong Kong.
http://www.comp.hkbu.edu.hk/~icpr06/
· IWMRCS 2006, September 11-13, 2006, Istanbul, Turkey.
http://www.ehb.itu.edu.tr/~mrcs
· Biometrics Symposium 2006, September 19-21, 2006, Baltimore, Maryland.
http://www.citer.wvu.edu/bsym2006/
· ICB 2007 August 27-29, 2007, Seoul, Korea
http://image.korea.ac.kr/ICB2007/index.html

Thursday, March 02, 2006

Email to Zayn007

"Biometrics, is it true that there not a 100% unique and u would have to get your figure prints or iris scanned several times?"
Biometrics traits (physical) are unique, it was proven that even twins have unique fingerprints, irises, retinas, shape of ears, but no major applications so far like the one the UK govrnt is trying to launch with ID cards and passports, so that will be a huge challenge with a number of security issues, a centralised DB with millions of templates, you can imagine!. So to sum up, to verify 1 ID among millions, let's say 60 million (K population) has not been yet tried, so until they finally enrol every single citizen in the UK (60 million +), we wouldnt' know, I think most major pilot projects experimenting with biometrics have not yet exceeded 25,000-50,000 samples. The whole market is still maturing, technology is still under R&D, and the hype does help from bad publicity about big brother watching, and spoofing of biometric devices. Biometrics can be secure if used effectively with the traditional authentication methods (PIN, tokens, smart cards...) Secondly, every biometric has weaknesses and strenghts, you've mentioned "unique" that's one of the criteria of any biometric, if they are not unique, they won't be used as an authentication method. The problem is that what are going to do with disabled people with no eyes, no fingers, no hands. Each biometric technique is measured using different rates, namely False Rejection Rate (probability that a biometrics fails to verify & reject a legitimate user), False Acceptance Rate (probability that a biometrics system accepts an imposter), Equal Error Rate (occurs at the decision threshold where the proportion of false rejections equals the proportion of false acceptances).
They come up with a solution, using Multi-biometrics, for example this UK ID they're trying to do will include, face recognition, 10 fingerprints, 2 irises and signature, all saved in one chipped card, so if one trait do not match or is not on record, there is always an option of using another one. Templates are being updated each time there is a successful verification, because there is the problem of ageing, as we get older, it gets harder to get good Acceptance/rejection Rates.
"Also I cant seem to find any advantages in introducing ID cards but i have to list some in my report. Its supposed to help stop illegal immigrants and help against terrorism but its not true because you can replicate these cards..."
I agree, the main concern with ID cards will be forgery, and biometrics alone will not prevent forgery or fraud. In Holland, they used strong encryption, but apparently Dutch biometric passports have already been hacked!!. See it's how you implement the technology, biometrics work in certain applications, but for a huge project like ID cards of millions of people, umm... (not too sure) but there are advantages, but biometrics have to be used as a layer on top of (smartcards, encryption or passwords) I think here in the UK, if they try to store the data as an algorithmic encryption, it will make it impossible for even the most sophisticated fraudster to read or substitute.another thing, why do they need to store our individual data on both card and central database? until now, We don't understand why they need to do this, i think they are planning to extend the usage of the cards in future, which will be a major concern for the civil liberty groups. Other countries such as France and Italy have stipulated that biometric information is stored only on the cards themselves - thus still within the possession of the individual. So why has the UK decided to include a central database as well? We can understand that from a security point of view, central storage makes the most sense in an online world. But if you're also storing this on the cards themselves, that invalidates the security argument. Another concern is, will the project work? The LSE has raised concerns about this and the government does not have a strong track record here.
bottom line, USA is dictating, they want biometrics, UK governmt will be issueing biometrics passports and ID cards sooner of later, because USA is saying so, security is not a priority, they have an excuse, "we have to fight terrorism" ...

Mobile virus jumps from PC to mobile device

Should we be afraid yet? A group of researchers said they found the first virus that can jump from a PC to a mobile device, exactly the scenario that invokes visions of massive chaos. The malicious code, named "Crossover", was sent anonymously to the Mobile Antivirus Researchers Association as a proof of concept bug. Meanwhile, Russian anti-virus specialist Kaspersky Lab has discovered evidence of the first mobile phone Trojan targeting J2ME devices, an unexpected move in light of the fact that most security experts were thinking that Symbian was going to be the primary target. The sample Trojan, "Redbrowser.A" is a J2ME-based Java Midlet that disguises itself as a WAP browser that offers free browsing. But the Trojan sends text messages to premium rate numbers.
http://news.com.com/Virus+makes+leap+from+PC+to+PDA/2100-1029_3-6044457.html?tag=nefd.top

UB Biometrics Researchers Enhance Fingerprint Technology

BUFFALO, N.Y. – Forgot your password? No problem. Biometrics researchers at the University at Buffalo have made important advances that bring closer the day when we can access devices and Web sites with nothing more than the touch of a fingertip."This research paves the way toward efficient methods of preventing unauthorized access to handheld devices, such as cell phones, wireless handheld devices and electronic audio players, as well as to secure Web sites," explained Venu Govindaraju, Ph.D., principal investigator, UB professor of computer science and engineering, and director of the university's Center for Unified Biometrics and Sensors (CUBS). "It also will help make fingerprint matching for forensic applications more effective."Fingerprint access potentially can eliminate the need for consumers to remember all those annoying passwords, he added.The UB research addresses a key problem that has emerged in the quest for fingerprint access to electronic devices and Web sites: quantifying how much security is possible with fingerprinting, given that most commercial sensors tend to capture only partial fingerprints."This problem needs to be overcome before it will be possible to routinely replace passwords with fingerprints," Govindaraju said.The UB research specifies the physical dimensions of the keypad sensor in order to achieve specified levels of security, an issue that is of growing importance as devices become ever smaller.Govindaraju explained that any company considering using fingerprint matching for access will want to be able to quantify what level of security is possible."With passwords, this is an easy task," he said, "obviously a six-letter password will be much more difficult to break than a three-letter password because there are so many more possible combinations."Similarly, Govindaraju and his colleagues decided to try to quantify how big a fingerprint image has to be in order to achieve an acceptable level of security."For the first time, we have determined the minimum surface area required for fingerprint scanning in order to achieve a level of security that is roughly comparable to the security achieved with a six-letter password," he explained.Called the Automated Partial Fingerprint Identification system, the algorithm developed by the UB scientists enables computer systems of, say, banks or online retailers, to determine whether or not to grant access, by securely matching two fingerprint images (the stored one and the "new" one) even when only part of the print is captured....
http://www.linuxelectrons.com/article.php/20060301003629550

Tuesday, February 28, 2006

NIST Issues Final Federal Biometric Specs Government Technology

NIST Special Publication 800-76, Biometric Data Specification for Personal Identity Verification, contains specifications for acquiring, formatting, and ...

http://csrc.nist.gov/piv-program/index.html

Thursday, January 05, 2006

Researchers pore over biometrics spoofing data

By Michael Kanellos
Published: Thursday 22 December 2005

Sweaty hands might make you unpopular as a dance partner but they could someday prevent hackers from getting into your bank account. Researchers at Clarkson University have found that fingerprint readers can be spoofed by fingerprint images lifted with Play-Doh or gelatine or a model of a finger moulded out of dental plaster. The group even assembled a collection of fingers cut from the hands of cadavers. In live fingers, perspiration starts around the pore and spreads along the ridges, creating a distinct signature of the process. In a systematic test of more than 60 of the carefully crafted samples, the researchers found that 90 per cent of the fakes could be passed off as the real thing. But when researchers enhanced the reader with an algorithm that looked for evidence of perspiration, the false-verification rate dropped to 10 per cent. The idea of using perspiration is promising as a way to beat hackers because sweating follows a pattern that can be modelled. In live fingers, perspiration starts around the pore and spreads along the ridges, creating a distinct signature of the process. The algorithm, created by Stephanie Schuckers, associate professor of electrical and computer engineering at Clarkson, detects and accounts for the pattern of perspiration when reading a fingerprint image. Dead fingers don't sweat. Schuckers said in a pre-released statement: "Since liveness detection is based on the recognition of physiological activities as signs of life, we hypothesised that fingerprint images from live fingers would show a specific changing moisture pattern due to perspiration but cadaver and spoof fingerprint images would not." The research, funded by a $3.1m grant from the National Security Agency and conducted in collaboration with other universities, is part of an ongoing effort to improve biometric authentication and identification. Other methods are in the works as well. Fingerprint readers essentially take a picture of a fingerprint and match it to a sample in the database. To get around spoofs involving lifted fingerprints, NEC researchers have developed technology that actually takes a picture of the tissue underneath the fingertip to get a three-dimensional image that can be matched against a database sample. Fujitsu has developed an authentication technology that looks at vein patterns. Although biometric identification technologies continue to improve, each has its own flaws. Voice authentication is fairly accurate and tough to spoof, say advocates, but it can be affected by a bad phone connection. Iris scans work well but are commercially impracticable. Face scanning is actually less accurate than most but consultants for the US State Department say the technology was chosen for electronic passports because that particular identity test seems to make people feel less like criminals. Michael Kanellos writes for CNET News.com http://software.silicon.com/security/0,39024655,39155244,00.htm