::::::::::::::::::::::::::::::::::::::::::::::::::::::::May/99 ::: The Discordant Opposition Journal ::: Issue 5 - File 7 ::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :Biometrics: Infinity Matrix A technology that virtually eliminates all kinds of fraud, biometrics is a very secure practice. It almost can not be bypassed. But I am not here to discuss how to bypass it, I am just going to explain some of the processes, such as fingerprinting and iris/retina scans, etc. A Look Inside NORAD --- Just a small prelude for what's to come. It's a little look inside the security at NORAD's operations base in Colorado. Probably about 95% of the data about NORAD is classified, so my information is very limited. So anyways, here goes. In the early 1960's, more than 690,000 tons of rock were carved out of Cheyenne Mountain to create nearly three miles of underground interconnected tunnels and caverns. A roadway that runs east and west through the mountain. This complex is built to withstand virtually any concievable natural disaster, act of sabotage and war, even multimegaton nuclear strike. Pretty amazing, huh? At The Front Door - The front door isn't exactly a piece of cake to get in. To enter the NORAD complex, a visitor must travel into the mountain on the main road and turn off to pass through a pair of three foot thick steel doors that weigh 25 tons apiece. The outer door is designed to close flush with the rock wall of the roadway, which is open at either end. The roadway thus acts to channel heat and percussion from an explosion through the mountain and away from the doors and the complex behind them. And, I doubt you would, but if you try to break in, uhm, your result: Big guys with guns. The ShockProof Structure - Each building in the complex rests in its own granite cavern on steel springs that let the structure roll with any shockwaves that penetrate the mountain, no part of the building touches the rock. Friction dampers, like giant shock absorbers, further reduce the shaking that could result from an earthquake or a nuclear explosion. Wire mesh on the wall protects communication and power cables from rockfalls. To counter the tendency of granite to shift under it's own weight, expandable bolts, ranging in length from 6 to 32 feet, are inserted into the rockface to form a compresses layer that strengthens the walls of the caverns. ================ Smart Cards --- First and foremost, I want to talk about smart cards. These aren't exactly biometrics, but they are an advanced identification method. Smart cards are the new answer to the traditional locks and keys to limit access to sensitive areas. Why this has taken place, because keys have a way of getting stolen and/or copied. There are basically three types of smart cards. Each of these smart cards can employ an identifying number or password that is encoded into the card itself, all pretty much out of the reach of an average criminal. Anyways, back to the three types of cards. Magnetic Watermark - During manufacturing of the tape, magnetic particles used to encode the card's permanent identification number are set in zones of varying width at alternating 45 degree angles the tapes longitudal axis (up and down). Data may then be encoded on the tape, but the identifying structure of the tape itself cannot be altered or copied. A card reader with a special head and circuitry is needed to scan the watermark. Optical Memory Card - Tiny dots representing binary ones and zeroes are either photographically etched onto the storage strip during manufacturing or burned in with a very small, low-powered laser beam. The card, which can hold the equivalent of a 400 page book on its 3 1/4 by 1/2 inch strip, is sealed with a protective layer that cannot be removed without destroying data and voiding the card. Microchip Card - The card's penny-sized microchip contains a processor and tree types of memory, totalling 21,800 bits for storing programs and data. Sensitive information, such as the cardholder's password and personal information is kept in the so-calle 'secret zone' in the card's read only memory. This zone is encoded during manuafcture, and is not accessible even to the card's owner. ================ The ManTrap The ManTrap is a simple structure that protects from intruders by verifying the identity of users. Here is the process it uses. 1. After entering the identification booth, a user punches in a pass number on a 12-button keypad, signalling the computer to retrieve the voice template and weight record registered by the person assigned that number. 2. Through an overhead speaker, the computer broadcasts a four-word phrase randomly selected from the 16 words previously registered. 3. The user repeats the phrase into the microphone and the sounds are digitized for comparison with the record on file. 4. If the voice patterns match and the weight on the floor scale is no more that 40 pounds over than the registered weight on the record, the exit door leading into the data-processing center will automatically unlock. If a user is not verified after seven tries, security is alerted. Again, big guys with guns. ================ Signatures --- Forging a signature has become one of the most useful tools in fraud. Many people have gotten patcheck, checks and other thing issued to them because they forged a signature on something. Now, you may not think this would work very well, but technology have come up with some pretty amazing stuff to make these signatures a useful and easy device to test user identity, with stuff like acceleration sensors and pressure sensors built into the pen. I know no-one could forge mine; it looks like a major seismic event. But anyways, here is how the biometric signature-recognition pen works. The biometric pen converts a signature into a set of three electrical signals by means of piezoelectric transducers, ceramic devices that generate measurable voltages in response to stress. A good example of these being used was in Rudy Rucker's The Hacker and the Ants, the piezoelectric transducers were fitted into gloves used in cyberspace, and they would contract and such so it gave the user feeling. Even though this is complete fiction in this time, it is still a good example. One transducer senses change in the writer's downward pressure on the penpoint, farther up the pen shaft, two transucers set at right angles to each other measure vertical and hrizontal movement. Although the computer does not need a visible signature, the pen also includes and ink cartidge because tests have shown that people sign more accurately if they see what they are typing. Signals from the pen's sensors are translated into a trio of electrical wave forms, one representing changes in the downward pressure, the other two representing acceleration along the pen's vertical and horizontal axes. The crossing of a t, for example, would register as a high point in the horizontal and a low point in the vertical wave form, where as the dotting of an i would produce a peak in the pressure- change wave while leaving both of the acceleration wave forms relatively flat. A curved or diagonal stroke, for its part, would create action in both sensors. ================ Voice Signatures --- Vocal Signatures have become a fad in movies, where people say things like "Hello, this is Joe Blow, my voice is my passport, verify me." (From the movie Sneakers - a very good one at that.) As you may have noticed, it is kind of easy to tape-record a person's voice, so this seems a bit easy to bypass. And here's how it works. For purposes of analysis, the computer focuses mainly on the simplest characteristics of a voice. Its acoustic strength. This changes during a spoken phrase from silence to varying degrees of loudness. To isolate personal characteristics within these fluctuations, the computer breaks the sound into its component frequencies and analyzes how they are distributed. On a spectogram - a visual representation of the voice - the high-amplitude frequencies are indicated by bright spots called formants is determined by the unique shape and movement of the speaker's lips, tounge, throat and vocal chords. ================ Iris/Retinal Scans --- Each person carries something other but just as different as a fingerprint in the back of their eye, the fine tracery of blood vessels. This method, in my opinion, is one of (probably) the best sort of biometric security, other than fingerprints. This system uses an infrared beam to scan the eye in a circular motion. A detector in the eyepiece measures the intensity of the light as it is reflected from different points. A detector in the eyepiece of the device measures the intensity of the light as it is reflected from different points. Because blood vessels do not absorb and reflect the same quantities of infrared as the surrounding tissue, the eyepiece sensor records the vessels as an intricate dark pattern against a lighter background. The device samples light intensity at 320 points around the path of the scan, producing a digital profile of the vessel pattern. (Only one inspection is necessary, since a person's retinal print, or retinal signature, does not change as the voice or written signature does.) The algorithm in the system's software then compresses the digital profile into a reference template. Enrollment can take as little as 30 seconds and verification can be even faster: The user types in an identification number to call up the reference template from the computer's memory and then looks into the eyepiece for a retinal scan. In only a second and a half, the computer compares the scan results with the template and grants access if the two signatures are close enough. ================ Hand Geometry --- Kids in school trace their hands in school and often notice that no two are alike. This method employs a scan that maps the geometry (Shape, bones, etc.) of the hand, and compares that to the scan. A user enrolls in a hand geometry system by placing his/her hand on the metal plate of a reading device, positioning the middle and ring fingers on either side of a small peg and aligning all the fingers along narrow grooves slotted with glass. An overhead light shines down on the hand, and a sensor underneath the plate scans the fingers through the glass slots, recording light intensity from the fingerprints to the webbing where the fingers join the palm. The device measures each finger to within 1/10,000 of an inch, marking where the finger begins and ends by the varying intensities of light. The information is digitized and stored in the system as a template or coded on a magnetic-strip ID card. Despite the uniqueness of individual hands, the method is not foolproof. For example, if a user is enrolled in the system wearing heavy nail polish, the sensor would not detect the true ends of the fingertips, which would be hidden by the dark nails. The computer would thus be unable to verify the person's identity if she tried to gain access after removing the nail polish. ================ FingerPrinting --- Fingerprint identification is based on the anatomical truth that no two fingerprints are the same; each has a unique pattern of figures, such as loops, whorls and arches. But this can easily be fooled. If there is a scrape, or some kind of dirt or smudge, the computer cannot properly identify the print. At enrollment, data samples from a scan of the user's fingerprint are interpreted as varying degrees of gray and assigned a numerical value. This gray scale representation is processed by a complex algorithm, which pats special attention to the places where clusters of light and dark points indicate that a ridge has divided or ended. The system is designed to analyze these minute ridge splits and endings, ascertaining their positions relative to the core of the print and to one another; the system also analyzes the angles of the ridges. These relationships remain unaltered even when a print's impression is faint, dirty or distorted. Several readings are taken and manipulated by the algorithm to create a stored template. A user wishing to gain access to a secure area merely enters an identification number to call up a template, places the same finger in the scanner and waits a few seconds for a verification analysis. If the prints are a close enough match, access is granted. ================ Almost all of the methods of biometrics can be dumbfounded. Biometrics is not very secure in my opinion, and just ask Biosone. He thinks biometric security sucks. And, well, it does. In my opinion anyways. Do I know my shit, or what??? :-) Thanx to Fraggle, RELM, Biosone especially... and magickal1^ All you guys rule... thanx. --InfinityMatrix http://imasylum.cjb.net matrix@pobox.alaska.net