Re: Biometrics (was Re: [fw-wiz] Username password VS hardware token plus PIN)

• Previous message: Foley, Denys: "[fw-wiz] Biometrics"
• In reply to: Paul D. Robertson: "Re: Biometrics (was Re: [fw-wiz] Username password VS hardware token plus PIN)"
• Next in thread: Paul D. Robertson: "Re: Biometrics (was Re: [fw-wiz] Username password VS hardware token plus PIN)"
• Reply: Paul D. Robertson: "Re: Biometrics (was Re: [fw-wiz] Username password VS hardware token plus PIN)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Sun, 10 Apr 2005 19:02:22 +0100

> On Fri, 1 Apr 2005, Devdas Bhagat wrote:
>
>> http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm
>>
>

<snip>

Just goes to show that finger print recognition, or *any* Biometrics
on their own, are insuffufficient.

A _proper_ security system needs to be based on:

    a) something that you own
    b) something that you know

You can call (a) a "token" if you wish, you can call (b) a "password"
or "pass phrase" if you wish... the _best_ systems would be ones where
the token identifies itself using an unpredictable sequence like the RSA
SecureID tags and the think that you 'know' was, say, the next item
from a one-time-pad.

Clearly in the case of the unfortunate Merc driver they obtained the
token (his finger) and there was no requirement for something he knew
- if there was then it would likely have been a (fixed) PIN code which
they could also have extorted under pain-of-death type tactics.

However if they had needed a token plus the next PIN from a sequence
(or part of a challenge/response) then they would have needed him,
alive, and always _with_ the vehicle.... this would make stealing the
pointless.

Equally, if the biometrics could have asked for any finger, toe, retina
scan the theives would have had more trouble...

Mike

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Foley, Denys: "[fw-wiz] Biometrics"
• In reply to: Paul D. Robertson: "Re: Biometrics (was Re: [fw-wiz] Username password VS hardware token plus PIN)"
• Next in thread: Paul D. Robertson: "Re: Biometrics (was Re: [fw-wiz] Username password VS hardware token plus PIN)"
• Reply: Paul D. Robertson: "Re: Biometrics (was Re: [fw-wiz] Username password VS hardware token plus PIN)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: EFS and biometrics? Other options? ... Subject: EFS and biometrics? ... he is using this for laptops. ... individual like this the authority to change the template, ... >> and skin from my index finger fingertip while working on a computer. ... (Security-Basics) RE: Biometrics ... fingerprints, leaving your finger over a sensor. ... With biometrics you always have to find a balance between false ... WideString as your finger representation. ... Regards, ... (Security-Basics) RE: EFS and biometrics? Other options? ... Subject: EFS and biometrics? ... > and skin from my index finger fingertip while working on a computer. ... It's more difficult for a fingerprint authentication system to recognize ... (Security-Basics) RE: Biometric question ... more tolerant modes (you can put your finger on 'close' to the same way ... Manager of Security Solutions ... biometrics, in fact only will be based on fingerprints biometric. ... How secure are fingerprints?, ... (Security-Basics) RE: Hacking USB Thumbdrives, Thumprint authentication ... For this reason I hope people don't choose biometrics as a mainstay. ... Perhaps people should spend more time analyzing these technologies so that there are reasons to avoid biometrics as a whole. ... Also those>serious about finger print biometric ... system will combine "have" and "know" methods for truer authentication. ... (Vuln-Dev)