Re: Biometrics (was Re: [fw-wiz] Username password VS hardware token plus PIN)

From: Michael J. Tubby B.Sc. (Hons) (mike.tubby_at_thorcom.co.uk)
Date: 04/10/05

  • Next message: Seguridad en Computo - UNAM: "[fw-wiz] Computer Security Mexico 2005"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Sun, 10 Apr 2005 19:02:22 +0100
    
    

    > On Fri, 1 Apr 2005, Devdas Bhagat wrote:
    >
    >> http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm
    >>
    >

    <snip>

    Just goes to show that finger print recognition, or *any* Biometrics
    on their own, are insuffufficient.

    A _proper_ security system needs to be based on:

        a) something that you own
        b) something that you know

    You can call (a) a "token" if you wish, you can call (b) a "password"
    or "pass phrase" if you wish... the _best_ systems would be ones where
    the token identifies itself using an unpredictable sequence like the RSA
    SecureID tags and the think that you 'know' was, say, the next item
    from a one-time-pad.

    Clearly in the case of the unfortunate Merc driver they obtained the
    token (his finger) and there was no requirement for something he knew
    - if there was then it would likely have been a (fixed) PIN code which
    they could also have extorted under pain-of-death type tactics.

    However if they had needed a token plus the next PIN from a sequence
    (or part of a challenge/response) then they would have needed him,
    alive, and always _with_ the vehicle.... this would make stealing the
    pointless.

    Equally, if the biometrics could have asked for any finger, toe, retina
    scan the theives would have had more trouble...

    Mike

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Seguridad en Computo - UNAM: "[fw-wiz] Computer Security Mexico 2005"

    Relevant Pages

    • RE: EFS and biometrics? Other options?
      ... Subject: EFS and biometrics? ... he is using this for laptops. ... individual like this the authority to change the template, ... >> and skin from my index finger fingertip while working on a computer. ...
      (Security-Basics)
    • RE: Biometrics
      ... fingerprints, leaving your finger over a sensor. ... With biometrics you always have to find a balance between false ... WideString as your finger representation. ... Regards, ...
      (Security-Basics)
    • RE: EFS and biometrics? Other options?
      ... Subject: EFS and biometrics? ... > and skin from my index finger fingertip while working on a computer. ... It's more difficult for a fingerprint authentication system to recognize ...
      (Security-Basics)
    • RE: Biometric question
      ... more tolerant modes (you can put your finger on 'close' to the same way ... Manager of Security Solutions ... biometrics, in fact only will be based on fingerprints biometric. ... How secure are fingerprints?, ...
      (Security-Basics)
    • RE: Hacking USB Thumbdrives, Thumprint authentication
      ... For this reason I hope people don't choose biometrics as a mainstay. ... Perhaps people should spend more time analyzing these technologies so that there are reasons to avoid biometrics as a whole. ... Also those>serious about finger print biometric ... system will combine "have" and "know" methods for truer authentication. ...
      (Vuln-Dev)