Nurseries to fingerprint parents

[Bennie-Mac]

Why not just ask the child if they know this person that is here to collect them? Im pretty sure most young children can recognize their parents...
Personally id rather the parents were fingerprinting the people they leave their children with 8 hours a day!

 

[SexyGreyFox]

Well that surely depends on what is available in your area and how many nurseries implement the system doesn't it? If my nearest non bio-metric data taking nursery now happens to be over 100 miles away I've got a theoretical choice to exercise my rights as a consumer in a vaguely free-market economy, not a practical choice.

50 Nurseries is just a grain of sand on a beach.
I've got around 30 nurseries on my placement books which is less than 1% of the total in Stoke alone.

 

[Eriedor]

I wouldn't count on that, the LM hash that windows uses can be broken in seconds using rainbow tables (admins regularly use these tables to check for insecure passwords on their networks), as can MD5 hashes. Just because something is hashed does not make it secure.

Which highlights the fact the flaw as always lies in the user, it doesn't make the method itself insecure if used correctly.

Also your example is irrelevant in this context, rainbow table of common fingerprint data?

 

[semi-pro waster]

50 Nurseries is just a grain of sand on a beach.
I've got around 30 nurseries on my placement books which is less than 1% of the total in Stoke alone.

That's as maybe, it was an illustrative example rather than an actual one. I've not the slightest clue about how many nurseries are in my local area and have no real intention of finding out until and unless I have kids but that doesn't alter the point at a fundamental level. Is there a trigger level where you might start to worry about it? 5%, 20%, 50% etc?

Which highlights the fact the flaw as always lies in the user, it doesn't make the method itself insecure if used correctly.

Flaws exist usually with the user I quite agree but there are certainly some insecure systems around. You're also going to find it difficult to eliminate users from the system so I think we have to accept that no system will ever be 100% secure. If it isn't going to be perfect or near as damnit then we need a good reason for implementing it and that is one thing I've yet to be convinced of here.

 

[Energize]

Which highlights the fact the flaw as always lies in the user, it doesn't make the method itself insecure if used correctly.

The method was insecure, even alphanumeric passwords longer than 14 chars were cracked, the weakness was the algorithm not the user.

Also your example is irrelevant in this context, rainbow table of common fingerprint data?

No different to generating rainbow tables from passwords. I can just imagine some crappy system being used here which allows almost anyone to obtain the data from the hashes.

 

[mr tommo]

I dont understand.

I visit day nurseries regularly over the winter months as we take the photos there. What is this system enabling the parent to do and stop other people doing?

EDIT : Whats wrong with knocking on the door or speaking into an intercom like normal Nurseries?

 

[Lagmeister]

Sounds like a roundabout way of saying encryption key. What level are we talking?

But the system can't work with just the codes alone. Unless you're going to tell me all of the data is encrypted?

It still seems over the top and more suited to prison security than a nursery though. Don't tell me, you work in this industry?

Not quite work, but my master's is based around the use of biometrics.

The idea behind this that the actual fingerprint is never stored ever, the identity of the person is based around the code generated by the data captured from the fingerprint scanner, once you have that the only real practical way of gaining access is with the fingerprint of the person who is gave the first sample.

Of course if the system uses a really poor hashing algorithm it would be feasably possible to reconstruct parts of the fingerprint, as a fingerprint isnt stored as an image of the print but rather a set of coordinates of the end points and orientation of the lines that make up your fingerprint, look close and you will see loads of lines end randomly all over the shop, some splitting up into two lines as well. Besides the only way you are going to get a hold of these codes is if your hack the database (unlikely if its set up right), listen to the communication line (should be secure, unless someone wants to cut corners) or you wait for someone to leave a cd containing the database.

The tech behind fingerprint scanning is fairly mature these days so its not as if this is a crackpot new fangled technology either.

 

[Eriedor]

The method was insecure, even alphanumeric passwords longer than 14 chars were cracked, the weakness was the algorithm not the user.



No different to generating rainbow tables from passwords. I can just imagine some crappy system being used here which allows almost anyone to obtain the data from the hashes.

Well good practise dictates salt is added before hashing making rainbow attacks near enough redundant.

Of course I am assuming as I dont know the finer points of finger print technology but I would imagine the discrete data range for finger prints is much larger than alphanumeric making rainbow tables yet more worthless.

 

[Vonhelmet]

No different to generating rainbow tables from passwords. I can just imagine some crappy system being used here which allows almost anyone to obtain the data from the hashes.

Not sure how you propose to produce something that can be scanned by the machine to give the desired hash result...

 

[Energize]

Not sure how you propose to produce something that can be scanned by the machine to give the desired hash result...

There's no need, the fingerprint is scanned and converted to data, that data is then fed into a hash. The possible ranges of data are already known so all that needs to be done is to put them through the hashing algorithm.

 

[Vonhelmet]

There's no need, the fingerprint is scanned and converted to data, that data is then fed into a hash. The possible ranges of data are already known so all that needs to be done is to put them through the hashing algorithm.

So what are you trying to do? Sneak into the nursery, or get people's fingerprint data? The former is possible, the latter is not. As soon as multiple items can hash to a single item (which they will, as we are hashing and not encrypting) you can't reliably work backwards to the original data. You can get back to data that hashes to the same thing, but unless everyone were using the same hashing algorithm for fingerprint identification, that's no use to you.

 

[Heliospherez]

Is it really any different to facial recognition software and car registration scanners now employed by some multinational companies in the UK ?

I have a friend who works for a company that installs such systems (and business is booming) & what initially turned out to be used for 'security' purposes is being used to give employees warnings for leaving their workstations without permission & taking too long for lunch breaks / leaving the premises for too long

Welcome to 1984.

 

[Energize]

So what are you trying to do? Sneak into the nursery, or get people's fingerprint data? The former is possible, the latter is not.

Getting the fingerprint data. If you wanted to get into the building you'd just follow a parent into it. However as demonstrated on the gadget show (I think) it is possible to create a copy of someones thumb to gain access (which would be constructed from the fingerprint data).

As soon as multiple items can hash to a single item (which they will, as we are hashing and not encrypting) you can't reliably work backwards to the original data. You can get back to data that hashes to the same thing, but unless everyone were using the same hashing algorithm for fingerprint identification, that's no use to you.

Brute force will always yield the original data (which is essentially what rainbow tables do), which depending on the implementation may be feasible (eg windows passwords). Also, many commonly used algorithms like md5 and sha (created by the NSA!) have been later found to have mathematical weaknesses.

In this situation however, it would be best just to install a device in the scanner which captures the fingerprint data before it is hashed.

 

[Angilion]

I'd try and think up a reasoned response but really all I can come up with is "what does this solve that ordinary vigilance wouldn't"? As has been said if you are transforming the fingerprint into a code number then you are storing biometric data and again no database or computer system is secure indefinitely.

It serves two purposes, one minor and one major.

The minor purpose is to provide profits for surveillance companies, the government's favourite companies.

The major purpose is to use children as a tool to impose a greater degree of surveillance on a larger number of people, so that they become used to it. Children are used as a tool because it's a very effective way to overcome any dissent. In time, the databases can be linked to the government's databases - an easy way to extend their scope.

 

[Steve2000]

This is just another example of the Big Brother society that this country is turning into. By 2020 they will have us all microchipped, and at the press of a button they'll be able to know our location via GPS, what we are doing, where we are going, where we've been, what we've bought, medical health, and probably even our thoughts.

I would withdraw my kids from a nursery that elects to adopt this strategy. Fortunately my kids are all grown up now, but years ago we built a good relationship with their teachers, headteachers, staff etc. Nowadays paranoia just consumes anything and everything.

 

[Vonhelmet]

Brute force will always yield the original data (which is essentially what rainbow tables do), which depending on the implementation may be feasible (eg windows passwords). Also, many commonly used algorithms like md5 and sha (created by the NSA!) have been later found to have mathematical weaknesses.

Rainbow tables won't yield the original data!

A hashing algorithm will always end up hashing multiple items to the same thing i.e. hash(A) = X and hash(B) = X. You can use a rainbow table to get an input item C which will give hash(C) = X but there is no way to know whether input C is the same as A or B or something entirely different.

 

[Energize]

Rainbow tables won't yield the original data!

A hashing algorithm will always end up hashing multiple items to the same thing i.e. hash(A) = X and hash(B) = X. You can use a rainbow table to get an input item C which will give hash(C) = X but there is no way to know whether input C is the same as A or B or something entirely different.

A hashing algorithm that gives the same hash for different data would be very insecure. A stranger could scan his finger and it could match a hash in the database allowing him to enter the building, also you could not tell who entered the building when. One of the ideal properties of a hash is that no two inputs will yield the same output, otherwise it would be vunerable to second preimage and birthday attacks.

Eg there are 2^128 bits of entropy, if two fingerprints give the same hash you now have 2^127 bits, 4 gives you 2^126, 8 gives you 2^125, 16 2^124, 32 2^123, and so on.

 

[wnb]

Are their that many kids kidnapped from nurseries that it justifies this type of security? The Nursry that my kids go to are coded so only parents and staff can get in, then the kids are signed in and out. If anyone other than the parents are to collect they have to be introduced and a photgraph provided.

Why do you need any more security than my kids nursery has?

 

[Vonhelmet]

A hashing algorithm that gives the same hash for different data would be very insecure. A stranger could scan his finger and it could match a hash in the database allowing him to enter the building, also you could not tell who entered the building when. One of the ideal properties of a hash is that no two inputs will yield the same output, otherwise it would be vunerable to second preimage and birthday attacks.

Eg there are 2^128 bits of entropy, if two fingerprints give the same hash you now have 2^127 bits, 4 gives you 2^126, 8 gives you 2^125, 16 2^124, 32 2^123, and so on.

I think you misunderstand hashing. All hashes have collisions, by definition.

The point is that a hash produces less data than you input. It's supposed to be trivially easy to store and compare a hash of an item e.g. a password and very difficult to turn that hash back into the original input.

Take MD5 for example... That produces a 128 bit hash of any data you give it. The data you give it can be enormous in size i.e. you can hash a DVD image. The output is the same size regardless of the input. You can hash "a" or you can hash your Vista DVD and you'll still get 128 bits.

Given that the output space is only 128 bits it should be pretty clear that multiple items will hash to the same output hash, as we know there are more than 2^128 possible inputs. This is not a problem, however, as no "close" items of input should hash to the same output. Given this "many to one" relationship, it should be clear that you can't reconstruct the input data from the output. You can potentially use a rainbow table to find valid input data to generate the same hash as other input data, so that in this case you can possibly fool the system into thinking you are someone else, but you can't recreate someone's actual fingerprint from the hash because there will be multiple valid inputs that could create that hash.

As has been said, salting will also prevent rainbow tables from working, as without knowing the salt it is impossible to construct the relevant rainbow table. You also mention that collisions can be generated with MD5, but this is a problem with the MD5 implementation, not with hashing itself.

 

[Energize]

I think you misunderstand hashing. All hashes have collisions, by definition.

Well perfect hash functions produce no collission.

Any hash function that produces significant collisions is too insecure to be used for authorisation due the already large number of hashes that will yield access, any algorithm which does produce collisions but not enough to be insecure for authorisation still allows the original data to be obtained due the fact that we know the data is a fingerprint which can be only be arranged in x number of ways, which will reduce the number of possible inputs to very few, of which we can then select the one with the highest probabilty.