Compare commits

25 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| fria | 160be99ce4 | Merge 9ea00845ab256df4ffe8caf319da1fb3e6bc969a into f6767eaab709e38586159ce4670193bbc06dec60 | 2025-02-12 23:48:00 -06:00 |
| fria | 9ea00845ab | add more to conclusion | 2025-02-12 23:47:58 -06:00 |
| fria | a957dbff74 | add conclusion | 2025-02-12 23:36:05 -06:00 |
| fria | 68c7cbf153 | move secure element and algorithm sections | 2025-02-12 23:07:19 -06:00 |
| fria | 51b25d5822 | fix typo | 2025-02-12 22:57:01 -06:00 |
| fria | 36e50f1ca9 | add register article | 2025-02-12 22:54:07 -06:00 |
| fria | c5510d166d | add more info | 2025-02-12 22:49:46 -06:00 |
| fria | bf125e447f | update image credit | 2025-02-12 22:37:35 -06:00 |
| fria | 693dbdcdd8 | update date | 2025-02-12 22:33:45 -06:00 |
| fria | e58569379f | update date | 2025-02-12 22:33:33 -06:00 |
| fria | d3daba8a41 | update images to webp | 2025-02-12 22:31:47 -06:00 |
| fria | 26c21ece2c | add more to radio gait recognition | 2025-02-12 22:15:15 -06:00 |
| fria | 7a49a454a3 | remove annotation | 2025-02-12 21:58:38 -06:00 |
| fria | 916a55fbfe | fix typo | 2025-02-12 21:44:50 -06:00 |
| fria | 81b84bf30f | add more info about floor sensors | 2025-02-12 21:37:50 -06:00 |
| fria | 014828cfa8 | fix image credit | 2025-02-12 21:19:16 -06:00 |
| fria | 916e50add4 | image credit | 2025-02-12 21:19:02 -06:00 |
| fria | 86d54958a3 | image credit | 2025-02-12 21:17:22 -06:00 |
| fria | 8a327cd889 | image credit | 2025-02-12 21:15:06 -06:00 |
| fria | 65675344f3 | image credit | 2025-02-12 21:14:12 -06:00 |
| fria | c66df35d55 | image credit | 2025-02-12 21:12:33 -06:00 |
| fria | 9d8e67ade9 | fix credit | 2025-02-12 21:11:17 -06:00 |
| fria | 230f7ece96 | update image credit | 2025-02-12 20:52:41 -06:00 |
| fria | 62a322e6d4 | fix annotation | 2025-02-12 20:40:12 -06:00 |
| fria | b10add7b9f | update image credit | 2025-02-12 20:34:08 -06:00 |

16 changed files with 55 additions and 42 deletions
16 changed files with 55 additions and 42 deletions

Binary file not shown. Before: 38 KiB

Binary file not shown. After: 68 KiB

Binary file not shown. Before: 860 KiB

Binary file not shown. After: 593 KiB

Binary file not shown. Before: 42 KiB

Binary file not shown. After: 41 KiB

Binary file not shown. Before: 42 KiB

Binary file not shown. After: 105 KiB

Binary file not shown. Before: 77 KiB, After: 79 KiB

Binary file not shown. Before: 60 KiB

Binary file not shown. After: 125 KiB

Binary file not shown. Before: 39 KiB

Binary file not shown. After: 51 KiB

Binary file not shown. Before: 64 KiB

Binary file not shown. After: 46 KiB

@ -1,6 +1,6 @@
---
date:
created: 2025-02-02
created: 2025-02-13
categories:
- Opinion
authors:
@ -11,7 +11,7 @@ license: BY-SA
---
# Biometrics Explained
![Glowing fingerprint on glass](../assets/images/biometrics-explained/cover.jpg)
![Glowing fingerprint on glass](../assets/images/biometrics-explained/cover.webp)
<small aria-hidden="true">Photo: George Prentzas / Unsplash</small>
@ -19,24 +19,22 @@ Biometrics are a convenient and secure way to authenticate our devices. Many of
## :material-fingerprint: Fingerprint
One of the most recognizable types of biometric authentication has to be the fingerprint reader. The idea is that everyone has a fairly unique fingerprint, so we should be able to distinguish between your fingerprint and someone else's reliably. (1)
One of the most recognizable types of biometric authentication has to be the fingerprint reader. The idea is that everyone has a fairly unique fingerprint, so we should be able to distinguish between your fingerprint and someone else's reliably.
There are three main types of fingerprint: loops, whorls, and arches. Fingerprint sensors categorize your finger into these groups before using other details to uniquely identify your fingerprint. You might think that you could count the number of arches/whorls/loops, but there can be many people with the same configuration and number of these. Also fingerprint sensors won't be able to see your entire fingerprint most of the time, they are designed to work at weird angles and with a partial scan, so it's not viable.
There are three main types of fingerprint: loops, whorls, and arches. Fingerprint sensors categorize your finger into these groups before using other details to uniquely identify your fingerprint. You might think that you could count the number of arches/whorls/loops, but there can be many people with the same configuration and number of these. Also fingerprint sensors won't be able to see your entire fingerprint most of the time, they are designed to work at weird angles and with a partial scan, so it's not viable to use the whole fingerprint for authentication.
<figure markdown>
![Examples of loop, whorl, and arch fingerprints](../assets/images/biometrics-explained/types-of-fingerprint.jpeg)
<figcaption>source: <a href="https://engines.egr.uh.edu/episode/2529">University of Houston</a></figcaption>
</figure>
![Examples of loop, whorl, and arch fingerprints](../assets/images/biometrics-explained/types-of-fingerprint.webp)
[Finger minutiae](https://sites.rutgers.edu/fingerprinting/no-two-finger-prints-are-alike/) data is used to identify a fingerprint as unique. This data consists of the points on your fingerprint where lines split, abruptly end, individual dots, etc. Two people can have the same number of arches, loops, and whorls, but they won't have the exact same configurations of minutiae.
<small aria-hidden="true">Image Credit: <a href="https://engines.egr.uh.edu/episode/2529">University of Houston</a></small>
[Finger minutiae](https://sites.rutgers.edu/fingerprinting/no-two-finger-prints-are-alike/) data is used to identify a fingerprint as unique. This data consists of the points on your fingerprint where lines split, abruptly end, individual dots, etc. Two people can have the same number of arches, loops, and whorls, but they won't have the exact same configurations of minutiae. (1)
{ .annotate }
1. :material-fingerprint: It's theorized that the reason humans have fingerprints in the first place is to [enhance our sense of touch](https://www.science.org/doi/10.1126/science.1166467).
<figure markdown>
![Example of finger minutiae including forks (where one line splits into mulitple lines), ends (where a line ends), islands (isolated dots), and inclosures (lines that split into two and then reconnect)](../assets/images/biometrics-explained/finger-minutiae.jpeg)
<figcaption>source: <a href="https://sites.rutgers.edu/fingerprinting/no-two-finger-prints-are-alike/">rutgers.edu</a></figcaption>
</figure>
![Example of finger minutiae including forks (where one line splits into mulitple lines), ends (where a line ends), islands (isolated dots), and inclosures (lines that split into two and then reconnect)](../assets/images/biometrics-explained/finger-minutiae.webp)
<small aria-hidden="true">Image Credit: <a href="https://sites.rutgers.edu/fingerprinting/no-two-finger-prints-are-alike/">Rutgers University</a></small>
Using these details for identification gives several advantages over trying to read the whole fingerprint. It allows the device to use less processing power, as well as providing some flexibility in case your finger is smudged or at a strange angle. The sensor doesn't even need to see your whole fingerprint. You might notice some fingerprint readers are very thin and might be located in a convenient place like a power button; finger minutiae is what allows them to still operate securely.
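Review bot: The replacement credit lines wrap a link in `<small aria-hidden="true">` (University of Houston, Rutgers University), which hides the attribution from screen readers while the `<a>` inside stays keyboard-focusable; drop `aria-hidden` on credits that contain links, or keep the `<figcaption>`. The alt text carried over to finger-minutiae.webp still reads "mulitple", and the edited sentence "Also fingerprint sensors won't be able to see your entire fingerprint most of the time, they are designed to work at weird angles..." is a comma splice worth splitting while the line is being touched.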
@ -46,10 +44,9 @@ There are [three](https://www.androidauthority.com/how-fingerprint-scanners-work
An optical sensor works by taking a picture of your fingerprint and turning it into data. They are the cheapest and least secure option. Since optical sensors capture two-dimensional images, an attacker may gain access by simply taking a picture of your fingerprint.
<figure markdown>
![Diagram showing a closeup of how an optical fingerprint sensor works by reflecting light off the skin](../assets/images/biometrics-explained/optical-diagram.jpeg)
<figcaption>source: <a href="https://clockit.io/fingerprint-scanner/">clockit.io</a></figcaption>
</figure>
![Diagram showing a closeup of how an optical fingerprint sensor works by reflecting light off the skin](../assets/images/biometrics-explained/optical-diagram.webp)
<small aria-hidden="true">Image Credit: <a href="https://clockit.io/fingerprint-scanner/">clockit.io</a></small>
Many devices implement one of these sensors under the display.
@ -59,10 +56,9 @@ Optical sensors can struggle in the presence of bright sunlight, which is an iss
Capacitive sensors measure the electrical conductivity of your finger. These are much more secure than optical sensors since they can't be fooled with an image. They're also tough to fool with prosthetics as different materials will have different electrical properties.
<figure markdown>
![Diagram showing a closeup of how a capacitive fingerprint sensor works by detecting the electrical difference in the ridges and valleys of a finger](../assets/images/biometrics-explained/capacitve-diagram.jpeg)
<figcaption>source: <a href="https://www.bayometric.com/capacitive-vs-optical/">bayometric.com</a></figcaption>
</figure>
![Diagram showing a closeup of how a capacitive fingerprint sensor works by detecting the electrical difference in the ridges and valleys of a finger](../assets/images/biometrics-explained/capacitve-diagram.webp)
<small aria-hidden="true">Image Credit: <a href="https://www.bayometric.com/capacitive-vs-optical/">Bayometric</a></small>
Capacitive sensors won't work if the [tissue is dead](https://www.livescience.com/62393-dead-fingerprint-unlock-phone.html), since dead tissue loses all electrical charge. So morbid worries about someone using your dead body to unlock your phone can be assuaged.
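Review bot: The new asset path keeps the misspelling `capacitve-diagram.webp`. Since the image is being re-added under a new extension in this change anyway, rename it to `capacitive-diagram.webp` here so the typo does not become a long-lived URL.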
@ -72,10 +68,9 @@ Conveniently they also don't require a light source under them to work, although
Ultrasonic fingerprint sensors use sound to create a detailed 3D representation of your fingerprint using ultrasound waves (sound waves with a frequency greater than 20khz). It's a similar concept to what's used to map the ocean floor: sound is emitted from transducers and bounces off your skin. By measuring the time it takes for the sound to reach the microphones, your phone can create a detailed map of the ridges and valleys in your finger.
<figure markdown>
![Diagram showing the transducers emitting ultrasound waves and reflecting off the finger tissue bouncing back and then being picked up by microphones](../assets/images/biometrics-explained/ultrasonic-diagram.png)
<figcaption>source: <a href="https://www.researchgate.net/publication/285770473_Piezoelectric_Micromachined_Ultrasonic_Transducers_for_Fingerprint_Sensing">Yipeng Lu</a></figcaption>
</figure>
![Diagram showing the transducers emitting ultrasound waves and reflecting off the finger tissue bouncing back and then being picked up by microphones](../assets/images/biometrics-explained/ultrasonic-diagram.webp)
<small aria-hidden="true">Image Credit: <a href="https://www.researchgate.net/publication/285770473_Piezoelectric_Micromachined_Ultrasonic_Transducers_for_Fingerprint_Sensing">Yipeng Lu</a></small>
This is the most expensive type of sensor but it produces the most accurate readings with the highest reliability. It doesn't matter if your finger is a bit dirty or wet, it will still work unlike optical or capacitive sensors.
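Review bot: In the context paragraph above the image, "20khz" should be written "20 kHz". The closing sentence "It doesn't matter if your finger is a bit dirty or wet, it will still work unlike optical or capacitive sensors" is also a comma splice; a semicolon, plus a comma before "unlike", would fix it.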
@ -97,9 +92,9 @@ Many devices come with the capability to unlock them using your face. The [imple
### :material-camera-front: 2D Camera Face Unlock
Every phone already has a camera, so why not use it for face unlock? There are many reasons.
Every phone already has a camera, so why not use it for face unlock?
If you're relying on a plain 2D image, then there's always the possibility that it could be fooled by a regular photo. Someone getting in to your phone because they have a picture of your face is a security nightmare scenario and the only thing stopping it is the whims of whatever algorithm was programmed into your phone.
If you're relying on a plain 2D image, then there's always the possibility that it could be fooled by a [regular photo](https://www.theregister.com/2023/05/19/2d_photograph_facial_recog/). Someone getting in to your phone because they have a picture of your face is a security nightmare scenario and the only thing stopping it is the whims of whatever algorithm was programmed into your phone.
This form of face unlock is also less likely to work in low-light conditions than infrared variants.
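Review bot: With "There are many reasons." removed, the heading's opening question "Every phone already has a camera, so why not use it for face unlock?" stands alone with no bridge into the next paragraph; either keep a short answer sentence or fold the question into the paragraph that follows. In the line that gains the Register link, "getting in to your phone" should be "getting into your phone".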
@ -131,6 +126,18 @@ It uses near-infrared light to reveal highly unique patterns independent of the
The extremely short distance this technology operates at makes it very difficult for someone to unlock your device without you noticing, and you can simply close your eyes to prevent someone from forcing you to unlock it.
## :material-chip: Secure Element
All forms of biometric authentication rely on proper hardware such as a secure element in order to be secure. The secure element provides a secure and tamper-resistant place to store your biometric data so it can't be easily extracted. Examples include Apple's [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web) and Google's [Titan M](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) series of chips. You should avoid devices that lack a secure element; they won't be able to properly implement secure biometrics without one.
## :material-matrix: Algorithm
Because biometric systems need to translate the physical properties of your body to data, they rely on an algorithm to determine if their reading matches closely enough.
[Android](https://source.android.com/docs/security/features/biometric) has guidelines on how OEMs should implement biometrics and how they can [test](https://source.android.com/docs/security/features/biometric/measure) them for security. If you're performing your own security research, you should look here for guidance on testing methodology.
There is also independent research into the security of biometric systems. This combination of external and internal rigor helps ensure the security of these systems, although more well known brands like Apple and Google will receive more scrutiny than lesser-known ones.
## :material-keyboard: Typing Biometrics
Companies like [TypingDNA](https://www.typingdna.com) claim to be able to identify users by how they type.
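Review bot: The relocated Secure Element section opens with "All forms of biometric authentication rely on proper hardware such as a secure element", but it now sits directly ahead of Typing Biometrics and the gait sections, which describe identification done by third parties rather than unlocking your own device; scope the sentence to on-device unlock so it is not read as covering what follows. The Algorithm section says a reading must match "closely enough" without saying what is being traded off; one sentence on false accepts versus false rejects would give the link to the Android testing page something to attach to.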
@ -155,19 +162,17 @@ There are two approaches for extracting biometric data from video.
This approach attempts to model the human body in order to track the different parts of it. A well-known example of this approach is the Microsoft Kinect, which only consists of a fairly low-resolution camera. It simplifies the human body into a stick figure, which you can see in footage of the [Kinect](https://www.youtube.com/watch?v=33AsuE-WP64) in action. It then uses the distances and joint angles of the model for gait recognition.
<figure markdown>
![Diagram showing the kinect's model of the human body, a 2D skeleton made up of various parts](../assets/images/biometrics-explained/kinect-skeleton.jpeg)
<figcaption>source: <a href="https://www.researchgate.net/publication/334049964_Markerless_Human_Motion_Tracking_Using_Microsoft_Kinect_SDK_and_Inverse_Kinematics">Alireza Bilesan, Saeed Behzadipour, Teppei Tsujita, Shunsuke Komizunai, and Atsushi Konno</a></figcaption>
</figure>
![Diagram showing the kinect's model of the human body, a 2D skeleton made up of various parts](../assets/images/biometrics-explained/kinect-skeleton.webp)
<small aria-hidden="true">Image Credit: <a href="https://www.researchgate.net/publication/334049964_Markerless_Human_Motion_Tracking_Using_Microsoft_Kinect_SDK_and_Inverse_Kinematics">Alireza Bilesan, Saeed Behzadipour, Teppei Tsujita, Shunsuke Komizunai, and Atsushi Konno</a></small>
#### Model-free
Model-free approaches don't try to model the human body but instead use the whole motion of human silhouettes. This gives a few advantages, namely it works regardless of camera quality and it takes significantly fewer resources.
<figure markdown>
![Diagram showing the process of turning raw camera input into a silhouette useful for giat recognition](../assets/images/biometrics-explained/model-free-gait.webp)
<figcaption>Yousef, R.N., Khalil, A.T., Samra, A.S. et al. Model-based and model-free deep features fusion for high performed human gait recognition. J Supercomput 79, 1281512852 (2023). <a href="https://doi.org/10.1007/s11227-023-05156-9">https://doi.org/10.1007/s11227-023-05156-9</a></figcaption>
</figure>
![Diagram showing the process of turning raw camera input into a silhouette useful for giat recognition](../assets/images/biometrics-explained/model-free-gait.webp)
<small aria-hidden="true">Image Credit: <a href="https://doi.org/10.1007/s11227-023-05156-9">Yousef, R.N., Khalil, A.T., Samra, A.S. et al.</a></small>
### :material-axis-arrow: Accelerometer
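Review bot: The new credit for model-free-gait.webp reduces the full citation (article title, J Supercomput 79, 2023) to an author list behind a DOI link; keep at least the title and year in the visible text so the source can still be identified if the link breaks. The alt text on the same image still reads "giat recognition".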
@ -177,7 +182,11 @@ Accelerometers work by measuring the accelerations in 3D space in X, Y, and Z co
### :material-foot-print: Floor Sensor
It's possible to identify individuals using [sensors](https://www.amti.biz/product/bms464508/) in the floor that measure the pressure of your steps as you take them.
It's possible to identify individuals using [sensors](https://www.amti.biz/product/bms464508/) in the floor that measure the pressure of your steps as you take them. There are already companies offering software/hardware [installations](https://www.scanalyticsinc.com/how-it-works) for tracking customers within a store using this technology.
>Scanalytics floor sensors capture up to 100% of foot traffic through your buildings and spaces. Capturing individual foot steps and the paths they form, we are able to monitor and analyze complete space movements and usage.
Floor sensors are especially concerning since they're completely invisible to you.
### :material-radar: Radar
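Review bot: The added blockquote begins `>Scanalytics` with no space after the marker and no attribution in the surrounding text; add the space and introduce it as the vendor's own description so it does not read as the article's claim. "Floor sensors are especially concerning since they're completely invisible to you" states a conclusion without the reason; say briefly why they are invisible, if the linked pages support it.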
@ -185,14 +194,18 @@ Radar works by transmitting a signal and measuring how long it takes for that si
Using a continuous wave (CW) radar that's constantly emitting a signal, it's possible to measure the movements of all the different parts of your body during your gait to identify you uniquely. This is called a [micro-Doppler](https://books.google.com/books?hl=en&lr=&id=SVCQDwAAQBAJ&oi=fnd&pg=PA1&ots=cqJxAh_rPv&sig=bBz1w4h-C4nDrzNwiRvZUexKbnc#v=onepage&q&f=false) signature. These sensors can even be sensitive enough that they can pick up breathing and heartbeats of humans trapped in rubble during rescue operations.
## :material-chip: Secure Element
[GaitMetrics](https://gaitmetrics.com/applications/) is a company claiming to offer mmWave gait recognition technology.
All forms of biometric authentication rely on proper hardware such as a secure element in order to be secure. The secure element provides a secure and tamper-resistant place to store your biometric data so it can't be easily extracted. Examples include Apple's [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web) and Google's [Titan M](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) series of chips. You should avoid devices that lack a secure element; they won't be able to properly implement secure biometrics without one.
>It is also possible to identify the intruders unique radio gait IDs and capture them in a database. Any intruder with an unknown radio gait ID detected within the premises will trigger an alarm, and the intruders location will be tracked down.
## :material-matrix: Algorithm
They claim it can uniquely identify individuals as well as penetrate walls, a worrying combination.
Because biometric systems need to translate the physical properties of your body to data, they rely on an algorithm to determine if their reading matches closely enough.
## Conclusion
[Android](https://source.android.com/docs/security/features/biometric) has guidelines on how OEMs should implement biometrics and how they can [test](https://source.android.com/docs/security/features/biometric/measure) them for security. If you're performing your own security research, you should look here for guidance on testing methodology.
Like all technology, biometrics aren't inherently good or bad. They're used to secure out devices and make authentication smooth and easy, but they're also used for [mass surveillance](https://therecord.media/europe-gait-recognition-study-pilot-program). Especially now with the rise of AI, we've started to leave the realm of scientifically rigorous usages and into the realm of digital snake oil, with companies like Cursor Insight launching their [MotionScore](https://www.motionscore.ai) product.
There is also independent research into the security of biometric systems. This combination of external and internal rigor helps ensure the security of these systems, although more well known brands like Apple and Google will receive more scrutiny than lesser-known ones.
>Our patent-pending AI technology identifies hidden patterns in signatures and online or mobile user interactions. These patterns can reflect behaviors and personal characteristics relevant to creditworthiness and reliability.
It should go without saying that making decisions about who to give a loan to based on... how they sign their name or some other mystery movement data is ludicrous, laughable if it wasn't affecting real people's lives. Now more than ever we need to be educated about the biometric technology that we use and that's used against us. The [EFF](https://sls.eff.org/technologies/biometric-surveillance) is a great resource that documents and fights against abuses of biometric technology.
Many of the same technologies used for mass surveillance are also used for [helpful](https://www.amti.biz/2024/08/28/amti-technology-featured-in-triple-crown-power-5-fastpitch-tournament/) purposes. It's up to us to ensure responsible use of technology going forward.
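Review bot: "They claim it can uniquely identify individuals as well as penetrate walls" is not supported by the GaitMetrics quote shown, which covers radio gait IDs, a database, and location tracking only; quote or link the passage where wall penetration is claimed. In the new Conclusion, "secure out devices" should be "secure our devices", and "we've started to leave the realm of scientifically rigorous usages and into the realm of digital snake oil" needs a verb before "into" (for example "and move into").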