Archive for December, 2013

The Foibles of Fingerprints

When Apple announced the iPhone 5s in September 2013, much of the popular press hailed the device’s inclusion of fingerprint sensing (dubbed Touch ID) as a major breakthrough in mobile security.
The more astute journalists pointed out that Motorola had brought to market fingerprint scanning in the Atrix 4G handset back in February 2011, more than two and a half years earlier. As an owner of the Atrix 4G since its early days, I can provide some insight into the real-world ups and downs of using a fingerprint scanner on a daily basis, although the proliferation of fingerprint devices presents greater security concerns.

In terms of usability, the fingerprint method clearly surpasses PIN or password or pattern input as a way to unlock a mobile handset, particularly when it’s a function that gets executed dozens of times a day. It’s one of the reasons that I have hung on to the Atrix 4G as one of my phones for this long.

A couple of scenarios confound the Atrix 4G’s fingerprint recognition. One is short-term changes in fingertip skin, such as from recently wet hands that distort the skin (an extreme example being “prune finger” from shower or bath) or otherwise cause moisture-related problems for the capacitive finger sensor. (In this type of sensor, the fingerprint image is generated by electrical rather than optical differences between ridges and troughs.)

Another problem appears to be seasonal, in that skin condition varies enough from summer to winter here in New England that I have to recalibrate the handset with a fresh set of print samples a couple of times a year. A device with more sophisticated pattern recognition algorithms and more powerful processing might be able to account for such variability, and perhaps the iPhone 5s is better than the Atrix 4G in that regard.

No doubt law enforcement uses more elaborate techniques for matching prints, but as a consumer device, the Atrix 4G does remarkably well, correctly recognizing my print more than 95 percent of the time on the first swipe (i.e. fewer than 5 percent false negatives). The likelihood of false positives, that is someone else’s finger successfully unlocking the phone, is effectively zero.

Sure, a determined attacker could poach a fingerprint from somewhere else and dupe it onto the sensor, as was widely publicized when a group of hackers successfully accessed an iPhone 5s that way only a few days after the product’s release. However, the odds of that actually happening to a phone in the wild are slim, as long as the handset maker doesn’t build the housing out of a glossy plastic that’s a fingerprint magnet. The odds are probably higher that an attacker would pick up a user’s PIN or password just by watching over the shoulder.

A much greater risk would be if hackers managed to distribute malware via an innocent-looking app that uploads fingerprint data to a central server where it could be used for other nefarious purposes. Even if the fingerprint images stored on the handset (Data At Rest) are adequately encrypted, a smart enough attacker with the right level of access might be able to capture the raw data from the sensor as the finger is scanned (Data In Motion). Embedded devices of any kind that include fingerprint recognition need to be designed from the start to prevent such access. (Companies such as AuthenTec offer on-sensor encryption.) In addition to critical infrastructure like energy grid and transportation management, fingerprint sensors increasingly will appear in multi-factor authentication for broader embedded applications for financial transactions, building access, medical records, biotech laboratories, home security, and a range of consumer electronics products.

Theft of one person’s fingerprint would be an immense hassle for that individual but not a societal threat. A method of surreptitiously capturing prints from thousands or even millions of consumers could present a massive security nightmare, especially since those prints later could be employed on other devices for which a user has fingerprint access. All it would take to expose such a risk would be one consumer electronics manufacturer that shortcuts the design of one popular product to save a little on development time or BOM cost.

Users don’t have the option of resetting their compromised fingerprints as they do their passwords, and they don’t have the option of using different fingerprints to access different systems, at least not beyond the limit of two hands’ worth. Ironically, fingerprints may become less secure in the long run than other forms of authentication. In the meantime, I’m hanging onto my phone.


NSN has the edge in the race

With the explosion in mobile data traffic, operators struggle to provide the data services that their customers desire.
ABI Research forecasts that mobile monitoring and optimization equipment revenue will increase to over $9 billion by 2018, and that operators can remain competitive by continuously providing their customers with high-performance data services even with congested networks.

Research analyst Sabir Rafiq comments, “Mobile operators are feeling the squeeze on data capacity, and with solutions such as Self-Optimizing Networks (SON) and Wi-Fi offloading they can assure that their customers receive the best possible service at all times.”

Optimizing across heterogeneous networks, which are multi-technology and multi-environment networks, also plays a vital role. As many people utilize different devices for their daily data usage, optimizing across technologies such as 3G / 4G / macrocell / HetNets / Wi-Fi is required to profitably deliver an optimum service.

Rafiq continues, “The coordination between the macro cells and small cells is vital to deliver optimum performance of the radio network and provide a meaningful end customer experience.”

ABI Research sees that the leading mobile network infrastructure vendors, Ericsson, Alcatel-Lucent, Huawei, and NSN all provide SON and Heterogeneous Network solutions. NSN has an edge over its competitors with its intelligent SON automation and early field deployments across 3G and 4G. The solution helps operators to monitor the deployment, process alignment strategies, and implement new network elements.
