Ubuntu should include 'bioapi' to support fingerprint readers

Bug #54816 reported by Gabriel Bauman on 2006-08-01
50
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Baltix
Undecided
Unassigned
Ubuntu
Wishlist
Ubuntu Security Team

Bug Description

Many new laptops (such as the Dell Latitude D620) are including fingerprint readers as authentication devices.

There is an existing framework called 'bioapi' that supports these devices. It includes PAM modules, so you could feasibly use it to authenticate XScreenSaver, GDM, etc.

 o Unofficial deb package:
        http://www.qrivy.net/~michael/temp/

 o Useful information:
        http://www.qrivy.net/~michael/blua/
        http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader

 o Official BioAPI site:
        http://www.bioapi.org/

 o PAM modules:
        http://www.qrivy.net/~michael/blua/pam_bioapi/

I have not looked into licensing requirements for the software.

description: updated
lknfdskjy76 (cfer45ysd) wrote :

i agree. bioapi needs to be supported and used more. also by working out all the problems now, then once fingerprint readers are more widely accepted, ubuntu will have full support with minimal bugs.

Justin Dugger (jldugger) wrote :

Has anyone subscribed to this gotten it working for their own use?

Jelmer Vernooij (jelmer) wrote :

Yeah, I've used it to login to GDM.

Seth Galitzer (sgsax) wrote :

I've got it to work in gdm and the console, but not gksudo. In fact, doing an admin task that uses gksudo has the annoying feature of quietly timing out when the reader software fails to load, requiring a second request to get the password dialog. Also, the document on thinkwiki referenced above indicates that to get xscreensaver to honor the reader, you must recompile it from source, which requires a lot of hunting for dev packages. While not difficult if you know what you are looking at, it is certainly not for the uninitiated.

Justin Dugger (jldugger) wrote :

Obviously a first step in the right direction would be to attempt to use the source from Ubuntu packages instead of directly from CVS. "apt-get source" and "apt-get build-dep" should be very helpful in determining whether the patches apply cleanly to Ubuntu's current system. Of course, if the patches introduce new problems to users without any fingerprint readers, that would have to be addressed as well.

Here in a couple weeks edgy will be released, and perhaps a few MOTU will be interested in pitching in for edgy+1. I suspect though that not many current Ubuntu devs have the hardware.

Caroline Ford (secretlondon) wrote :

Thanks for your report. Your idea might get more attention and have
the possibility of being implemented if you would submit a
specification for this.

You should first check whether it already exists at the Ubuntu specs
page (https://launchpad.net/distros/ubuntu/+specs) in Launchpad. If
that is the case, feel free to contact the drafter of that spec about
your comments/suggestions. Otherwise you can start writing a spec
following the steps described in
        https://wiki.ubuntu.com/FeatureSpecifications.

Chris Burgan (cburgan) wrote :

Thanks for your bug report, is this still an issue in Feisty?

I just downloaded the iso last night and haven't had a chance to install
it yet. I'll let you know.

Thanks.
Seth

Chris Burgan wrote:
> Thanks for your bug report, is this still an issue in Feisty?
>
> ** Changed in: Ubuntu
> Status: Unconfirmed => Needs Info
>

--
Seth Galitzer
Systems Coordinator
Computing and Information Sciences
Kansas State University
<email address hidden>
785-532-7790

This is absolutely still an issue in Feisty, however, I agree with many of the folks who say that a security package like this should be completely OSS. I would encourage Ubuntu developers to focus on the feature specification at: <https://launchpad.net/ubuntu/+spec/fingerprint-authentication>.

Lothar (lothar-tradescape) wrote :

Is there any work being done to make this happen in Gutsy(+x)?

Justin Dugger (jldugger) wrote :

Last night I went about getting thinkfinger packaged and uploaded on my ppa. It works in Gutsy, but there are many rough edges. If you're feeling gutsy, you can add my ppa and see just how well it works.

More importantly, it's not bioapi. I'll take a look at that this weekend and see whether one or the other is more suitable. But for those who care more about the fingerprint working versus bioapi specifically, this should help some.

Launchpad Janitor (janitor) wrote :

[Expired for Ubuntu because there has been no activity for 60 days.]

Wladston Viana (wladston) wrote :

I have installed thinkfinger today. Besides the rought edges, I can't only swipe my finger to login ... if I have to type to use the fingerprint reader, there is no more fun on using it ...

is there anyone doing anything to support the fingerprint readers out there ?

how can I keep updated of the progress ?

Jörn Dreyer (j.dreyer) wrote :

I hope someone is working on this ... I'd really like an update ...

Justin Dugger (jldugger) wrote :

At the moment, there are serious barriers to adopting this software for Ubuntu, but I'm working on fuzzing the edges. These problems are:
* Lacks translations
* Requires uinput readable by user
* Requires ACLs to make gnome-screensaver work
* Stores authentication data in a strange place
* Does not, and cannot, unlock gnome keyrings on login.
* Requires users to muck with udev rules, /etc/modules and /etc/pam.d/ files
* No GDM integration to detect user via fingerprint

Most importantly:
* Potentially conflicts with US Export Laws. I think the design is in the clear, but I am also not a lawyer versed in export law.

Help is certainly welcome. If anyone has writes patches for any of these, attach them here and submit upstream!

Wladston Viana (wladston) wrote :

Justin, Jorn :

Okay, so I guess what we need here is to :

* clearly define the goal on some visible place
* figure out what it takes to get there
* split that work in multiple bugs/blueprints
* get people to make the tasks

Can anyone, who knows better how to make things happen here than me, explain how to make it happen ?

about the direct fingerprint login :
are you sure that it's really unsafe ? I guess one could hash some of the fingerprint information, and associate that hash to the user. so, when the finger print is inserted, the hash can be used to identify the user, and the whole fingerprint data for the password check.

Justin Dugger (jldugger) wrote :

It's unsafe for a few reasons:
1. As far as I know, PAM doesn't handle this, so you'd be
2. Fingerprints can't work with hashes. The fingerprint scans are noisy enough that no two scans can be assumed identical. Instead auth systems compare stored minutia to the current scan, and introduce a probabilistic verification. The minutia is what's stored in the BIR, but nobody is sure what the details contain.
3. Comparing a given print to all print records is dangerous. (It may also slightly export controlled). If you have several prints recorded, an intruder has ten chances to come up with a close match. More if he has an accomplice. Its an increased risk per user registered, since as stated in 2, it's a probabilistic match.

I wouldn't be surprised if collisions occur if you enroll 100 users. Fortunately, most people appear to be pushing for a single enrollee use case.

Wladston Viana (wladston) wrote :

Justin,

Thanks for the information. I searched a little bit, and found valuable data...

The most interesting thing that I saw was a Diploma Thesis from Josef Hajas (2005) : https://dip.felk.cvut.cz/browse/pdfcache/hajasj1_2007dipl.pdf The title is : Integration of a biometric user authentication in unix-like systems.

It was a very well made document, and, from what I've read, it's possible to make authentication (one-to-one) and identification (one-to-few) routines in a secure way.

First, a personal case : In my gym, they have a fingerprint-based gate. The only think you have to do to get in is to put your finger on the reader, and wait a few moments. It then says a message like "Have a good day, Wladston!", with my photo. I notice other people using this system, and the picture always mach the faces :) Also, I doubt that my academy would use such system if there is any chance of collisions, considering this is the only control form, and they should have about 500~1k registered users (it's a big gym!)

The pay-by-thouch system, however, asks you a localization code + finger (the localization code usually is the phone number) ... but maybe they just do it for acceleration ...

I'm attaching a very interesting part of this work :
"A fingerprint may contain on average between 75 and 175 minutiae
points[53]. Only some twenty minutiae points are enough for identification [43]. Most of
the advanced devices for storing fingerprints for later matching store only these several
points. It is therefore not possible to produce a complete fingerprint from this stored
information. If the attacker fails to find the key to how these points are chosen, he also
fails to make a usable counterfeit of the recorded fingerprint from the existing fingerprint
copy outside the reader."

Please, take a read on the document, and tell me what you think of it ....

Justin Dugger (jldugger) wrote :

It's an interesting document. Unfortunately, I live in the US and we have export controls on things I believe akin to the "many to one" concept. I have no idea why this law enforcement related software would be banned for export. Perhaps I shall write an inquiry to my Congressmen. The paper is also a bit specific to Lenovo Thinkpad designs in some areas. If you like this paper enough, I think you might try running it past the Ubuntu Technical Council's agenda. If you do that, please let me know and I'll make sure and observe. They've done much work in Ubuntu, and if the Technical Council generally likes the idea, the authors should be contacted about inclusion etc. At the very least, the References section is handy.

As far as arguing what is secure and what isn't, when we talk about security, one must think of risk in both the probability and cost dimensions. The probability of a mismatch is low in the gym example. The cost is even lower. With Ubuntu in contrast, the cost of a compromised login isn't known. SSH and GPG keys could be compromised, leading to rootkit'd machines, infected packages. possibly botnets.

Wladston Viana (wladston) wrote :

Justin,

The guy did everything there, including usability testings on ubuntu ... let's just implement it!

I really doubt that this kind of software can't be shipped due to legal issues. My computer, a Toshiba R20 tablet pc, has a fingerprint reader, and you can login just by swiping the finger. Lots of similar computers from usa with this technology and software are selling here on Brazil.

The document says that lenovo and ibm lappies have an embedded chip to increase security even more, but it doesn't say that these chips are absolutely required for a safe operation.

How can I send this to the Ubuntu technical counsil ?

I know that the cost on the gym is low... I'm thinking about inviting the author of that documment to come comment here on this bug, from his research, he'll be able to tell if that security method is at least as safe as a 8 alphanumeric + special characters password, with is what most ubuntu users that require safe login screens probably use today.

Wladston Viana (wladston) wrote :

just adding some pages : https://launchpad.net/ubuntu/+spec/fingerprint-authentication (the blueprint)
https://wiki.ubuntu.com/FingerprintAuthentication (even contains a plan of action)
http://www.reactivated.net/weblog/archives/2006/10/fingerprinting-legal-issues-update/ (legal issue concerns - doesn't specify the exact problem)

Justin Dugger (jldugger) wrote :

It's not quite bioapi, but I've filed a sync request for Debian's experimental thinkfinger package, and it was recently filled in hardy.

Andrey Zhekov (x3ro.daemon) wrote :

Why not try another tool for fingerprint reading like "fprint"? It seamlessly works in Gutsy

More info here: http://www.novell.com/communities/node/3093/biometric-fingerprint-scan

I think fprint is the way to go, there are several reasons listed in the fprint FAQ why it is more useful than bioapi.

reh4c (gene-hoffler) wrote :

This Youtube video is interesting (useful to our cause?):
http://www.youtube.com/watch?v=NzXWVoBN1kI

Does anyone have any info on this method/implementation?

reh4c (gene-hoffler) wrote :

Can any developer (someone smarter than me) use the information here: http://www.upek.com/support/dl_linux_bsp.asp
to help develop fingerprint reader (UPEK) packages for ubuntu?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers