
Identify yourself: 2 fingerprint scanners tested

Written by Steve Turvey, Contributor
Biometric fingerprint scanner
 Fingerprint scanners

 Reviews:

 SecuGen EyeD BioHamster
 Targus Defcon 1 Authenticator

 Specifications
 How we tested
 Sample scenario
 Editor's choice
 About RMIT
Thanks to the movies, we're quite comfortable with biometric scanning, but are fingerprint scanners ready for the office? And are they as easy to defeat as we've seen at the cinema?

There is no doubt that fingerprint scanners are a very convenient form of identification. The technology is relatively non-invasive and quick, and placing a finger on a painless sensor doesn't scare users. In addition, fingerprints cannot be read involuntarily from a distance--contrast this with the iris scanners in the film Minority Report that track a hapless Tom Cruise. Another bonus is that the technology is now relatively inexpensive: for a few hundred dollars you can augment your PC or notebook with a fingerprint scanner.

Other types of biometric technologies are still fraught with problems, and iris scanners especially are not all they are hyped up to be. Unlike your fingerprints, your iris is a dynamic item: varying light levels stretch and contract its features, so more sophisticated software is required to carry out transforms before a match can be made. Some features of your iris also change. For example, if you've been on a bender the night before and you're tired, your blood pressure will be elevated and you may have bloodshot eyes. All this is going to subtly, or not so subtly, change the topography of your iris. As a result, the more inexpensive solutions have higher false positive and false negative rates than are acceptable for many security purposes.

How secure are fingerprint scanners?
Many vendors would have us believe that their fingerprint scanners are very secure, with such marketing lines as "you can't give a friend a finger" or "you can't leave your finger lying around on a scrap of paper for anyone to read". As far as these statements go they are true: you do not have to remember your fingerprint as you do a password and, barring grisly scenarios, you and your fingerprint must be present to access a scanner.

At first it appears that if someone really wants the information locked away by your fingerprint, the only way they are going to get at it is by coercion or removal of body parts. It has been discussed freely around the biometrics industry for some time that scanners should include additional sensors to ensure the finger that makes the print is alive, ergo still attached to your breathing body; ways to do this include, for example, detecting and measuring your pulse.

To date, these additional safeguards have not been widely implemented, and the inexpensive technology we looked at here has certainly not inherited these features.

Unfortunately this is not the full story: there are ways of getting around fingerprint scanners that do not involve such drastic measures as abduction or the use of cleavers.

We have all witnessed spy shows like Mission Impossible and Charlie's Angels where the biometric security systems are tricked by fancy contact lenses with another person's iris print, or stick-on fingerprints duplicated by lifting the pattern of the fingerprints from the unsuspecting victim.

Most of us probably think, "yeah right, about as believable as the rest of the movie's complete suspension of reality".

However, there is more than a grain of truth this time. To be blunt, you can trick most fingerprint scanners and there are various ways of doing so. But before you get all up in arms and ask why we are even entertaining using these things if they are not truly secure, let's look at what "security" really means.

For a start, security is a relative thing. For example you might leave $10 lying around in a drawer because if you lose it you will be annoyed but not destitute. On the other hand, you would not leave your life savings just sitting in a drawer. Another more obvious example is your door locks at home: they will quite effectively block 99 percent of the population and grant you a comfortable degree of security, but up against a determined expert, the average home security is a joke.

We were surprised at how easy it was to get around some of the fingerprint scanners. According to some security experts, the oily fingerprint residue left on a capacitive scanner can be "reactivated" simply by re-humidifying the latent print, either with a hot breath from your lungs or by gently placing a plastic bag of hot water on top of the latent print. Unfortunately, we did not have a capacitive fingerprint scanner to test this out, but you can obviously take steps to ensure this does not happen by simply sliding your finger off the scanner plate in order to smear the latent print.

We found a great research paper on how to fool fingerprint scanners entitled Impact of Artificial "Gummy" Fingers on Fingerprint Systems.

In essence the researchers at Yokohama National University in Japan found you could take an imprint of your fingerprint using moulding putty and then fill the mould with a very thick gelatine mixture, about the consistency of a "gummy bear" when set. The resultant fake finger could be used quite consistently to fool various optical and capacitive fingerprint scanners they had at their disposal. And, like the movie scenarios, you could adhere a slice of the fake finger over your own prints and walk up to a scanner under the watchful eye of a security guard, gain access, then once inside you can peel off the fake fingerprint and eat the evidence.

Obviously the above scenario requires the cooperation of the fingerprint donor but this does not have to be the case. Apparently, on average, we deposit 20 or so full or usable partial fingerprints in our travels each day, so it would be a simple matter to hand the unsuspecting donor a glass of wine and then steal away with the glass and the prints. The print can then be "lifted" using common super glue--the above research paper outlines all the steps involved.

Of course if security is really an issue, most organisations do not rely on a single form of authentication, so you may use a fingerprint scanner in conjunction with a password or smart card to correctly authenticate an individual.

There are three basic types of fingerprint scanners: optical, capacitance, and RF imaging. For more information on how they work take a look at the following links from HowStuffWorks and AuthenTec.

SecuGen EyeD BioHamster

When we were told the name of the product prior to delivery our imagination got the better of us as we tried to picture what the "BioHamster" would look like. As it turns out the unit is not particularly exotic; the name appears to be there to distinguish the unit from ThumbAccess's other unit, the BioMouse, which, as the name suggests, is an optical mouse with integrated fingerprint sensor.

The Hamster is relatively small and unobtrusive, standing around 8cm high with a footprint of 5.5cm by 7.5cm. It utilises optical fingerprint scanning technology and plugs into the computer's USB port.

Setup and configuration of the Hamster is a quick process involving a handful of steps through the Enrolment Wizard. Enrolling fingerprints is a surprisingly quick process, certainly faster than the Targus.

The software provided with the scanner, SecuDesktop2000, includes several applets: a database backup applet to ensure a copy of the fingerprint database can be saved and stored offsite; a device diagnostic utility that allows the user to test the unit and confirm it is operating correctly; a log event viewer; and finally SecuManager, which allows the administrator to manage users and their fingerprints and to alter the system configuration settings. You can also nominate folders to encrypt. SecuManager is a relatively basic application and is certainly easy to navigate. The supplied software does not support a central fingerprint database but from mid-January 2004 this functionality will be provided with the new version of the software.

The encryption software is useful--the facility is also provided with the Targus--so even if someone steals your drive they cannot extract your encrypted data.

The unit was quite reliable in operation, provided your fingerprint was "clean". We drew some simple black marker pen lines on our fingerprint and found the unit then had trouble reading the print and reliability dropped. We found reliability also dropped for other forms of "unclean" prints. In an office environment this would not prove too much of an obstacle, since for a start users would register more than one finger; in a workshop or factory environment, however, it may prove a problem.

Product: SecuGen EyeD Hamster
Price: $320
Vendor: ThumbAccess Biometrics
Phone: 02 9657 1360
Web: www.thumbaccess.com

Interoperability: Supports Windows 98 or later.
Futureproofing: Vendor says centralised fingerprint database will be shipped with this unit as standard by the time you read this.
ROI: Significantly more expensive than the Targus but will include centralised database functionality out of the box.
Service: 1-year warranty.

Targus Defcon 1 Authentication

The DefCon is a very small unit, less than 5cm wide, around 2cm thick and 7cm deep. In addition to the RF fingerprint scanner it includes a two-port USB hub, so rather than losing a USB port when you plug the unit in you actually have one extra port.

The setup and configuration, while simple, was slightly lengthier than the Hamster's and included much the same procedures. The fingerprint enrolment process is slower than the Hamster's, as the DefCon unit appears to take slightly longer to grab each print and also catalogues more images of the one finger to build up its database. A cute feature is the voice prompts during the configuration, such as "Select the finger you wish to enrol"; these are perfectly understandable and tend to be of more assistance to a novice.

The software provided with the unit, OmniPass, is not readily accessible to the novice as it resides in the Windows Control Panel, a place many novices fear to tread.

We found the software supplied with the unit was a little buggy. If, for example, the fingerprint enrolment fails, say because you do not place your finger on the sensor correctly, the voice prompt correctly states that the enrolment failed but the Windows dialog box displays a misleading message, to the effect that the sensor is in use and you should close any apps before trying to use the sensor again.

New users can be added using OmniPass; users can also be removed and user profiles imported or exported. Like the Hamster, the DefCon also supports file encryption, although in this case it could not be easier: simply right click on the relevant folder or drive and amongst the options are OmniPass Encrypt and Decrypt files.

The supplied software does not include a centralised fingerprint database capability for your network, but there are a few third-party providers that Targus recommend with SafLink at the top of their list, which apparently supports Active Directory and SQL.

We found the DefCon to be extremely reliable in operation, and "unclean" fingerprints, with marker pen or oil on them for example, were read without a problem; these would often pose a problem for the Hamster and its optical sensor.

Product: Targus Defcon Authenticator
Price: $199
Vendor: Targus
Phone: 1800 641 645
Web: www.targus.com/AU/

Interoperability: Supports Windows 98 or later.
Futureproofing: Does not include centralised database functionality, however there are several third party options available.
ROI: Inexpensive, particularly with a two-port USB hub. Third party software required for a centralised database. More immune to “unclean” prints and more accurate than the EyeD Hamster.
Service: 1-year warranty.

Specifications

Product | SecuGen EyeD Hamster | Targus DefCon 1 Authenticator
Scanner RRP (inc GST) | $320 | $199
Distributor | ThumbAccess Biometrics | Targus
Telephone | 02 9657 1360 | 1800 641 645
URL | www.thumbaccess.com | www.targus.com/AU/
Scanner Warranty | 1 year return to base | 1 year
Fingerprint Scanner Technology | Optical | RF true print
Platforms supported | Windows 9x, Me, 2000, XP | Windows 9x, Me, 2000, XP
Supplied Software | SecuDesktop2000 | Softex OmniPass
Support for centralised company-wide fingerprint database | Optional extra; ThumbAccess says ThumbSecure Desktop due for release week Jan 2004 will support centralised template vault. | Optional extra; Targus recommends Saflink, Bionetrix, or Isl-Biometrics

How we tested

Interoperability
Does the scanner support a good variety of operating systems?

Futureproofing
Can you maintain a centralised database of users' fingerprints for your whole network?

ROI
The age-old comparison of price, performance, and features.

Service
What warranties and service contracts are available? Can you get prompt service at a reasonable price?

Sample scenario

Company: ATSA Call Centres. This company wants to improve the security of its desktop PCs and notebooks, and wants to install fingerprint scanners on each to ensure that only the appropriate staff have access to company data and resources.

Approximate budget: $300 per scanner.

Requires: Fingerprint scanners and software for 80 PCs and notebooks.

Concerns: The accuracy of the scanners is very important, as is the difficulty in circumventing the security measures. The ability to tie into the company's existing directory systems and to support hot-desking is also a consideration.

Best solution: The Targus seems the more accurate of the two with its RF technology, costs $120 less and, although it doesn't ship with centralised database functionality, there's a wide range of third-party software you could use instead.

Editor's choice

Targus DefCon 1 Authenticator
The SecuGen EyeD Hamster is more expensive, but will include centralised fingerprint database functionality out of the box by the time you read this. However, the functionality and features of the software are an unknown quantity. The Targus DefCon 1 Authenticator has quite wide support from third-party vendors and features Radio Frequency (RF) fingerprint scanning technology that should prove to be less susceptible to trickery than the optical unit in the EyeD Hamster.

About RMIT IT Test Labs
RMIT IT Test Labs is an independent testing institution based in Melbourne, Victoria, performing IT product testing for clients such as IBM, Coles-Myer, and a wide variety of government bodies. In the Labs' testing for T&B, they are in direct contact with the clients supplying products and the magazine is responsible for the full cost of the testing. The findings are the Labs' own--only the specifications of the products to be tested are provided by the magazine. For more information on RMIT, please contact the Lab Manager, Steven Turvey.


