Re: Biometrics

From: Eduardo Kienetz (eduardok_at_gmail.com)
Date: 07/18/05

  • Next message: Warren, John: "RE: radius server implimentation"
    Date: Mon, 18 Jul 2005 13:07:38 -0300
    To: security-basics@securityfocus.com
    
    

    On 7/13/05, Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net> wrote:
    > On 2005-07-12 Eduardo Kienetz wrote:
    > > On 7/12/05, Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net> wrote:
    > >> 1. With biometrics you always have to find a balance between false
    > >> accepts (wrong person get's access) and false rejects (valid user
    > >> doesn't get access).
    > >> 2. Fingerprints can be easily forged [1], and people leave their marks
    > >> around everywhere they go.
    > >> 3. How will you handle a biometric token (i.e. fingerprint), that gets
    > >> compromised? People usually have only ten fingers.
    > >
    > > Just a clarification here...
    > > This is not a problem anymore... there are new fingerprint (even whole
    > > hand) scanners that not only scan your finger/hand, but also measure
    > > temperature/pulse (to make sure the hand is alive :).
    >
    > You haven't read the article I mentioned, have you?

    The article only shows someone copying a fingerprint, but no tests are
    made with a fingerprint recognition device. I wouldn't take
    conclusions from that. Also, the fingerprint is very well 'printed' in
    the bottle. Now, do you know of any studies with percentage of
    fingerprints been acquired in such a good shape (or, from such
    objects)? Note that I'm not opposing to your opinion, just adding more
    details into it.
    By the way, I've read many other articles besides that one.

    > > Besides that if you use password-based auth, the "thief" would just
    > > need to threat you that... for example he'll cut your finger if you
    > > don't tell him the password... ;) etc.
    >
    > And you would consider this to be easier than getting someone's finger-
    > print from e.g. a bottle or glass in a restaurant, because ... ?

    I was comparing it to the fact of cutting someones finger, which was
    pointed out by our colleague. Nothing else. I agree getting someone's
    fingerprint from a bootle or glass is easier (although I maintain
    citation above regarding the superficial article).

     
    > > One could even combine the scanning of BOTH hands to authorize.
    >
    > That would not only fail to solve the inherent problem, but also reduce
    > the pool of available tokens from 10 to 1.
    True. Perhaps you got me wrong.

    Best regards,

    -- 
    Eduardo  Bacchi Kienetz
    LPI Certified - Level 1 & 2
    http://www.noticiaslinux.com.br/eduardo/
    

  • Next message: Warren, John: "RE: radius server implimentation"

    Relevant Pages

    • Re: Text fingerprinting
      ... > generate some kind of a fingerprint for the texts which can be compared ... > against the stored corpus of fingerprints to detect copying. ... I have heard of software comparing text for high correlation (i.e. ...
      (comp.theory)
    • Saving an array of bytes to an image(bitmap) on the client side
      ... fingerprint recognition. ... We use therefore a fingerprint scanning ... device on the client, ... we want to save it via VBScript (the scanning is ...
      (microsoft.public.scripting.vbscript)
    • USB key with encryption and fingerprint reading?
      ... anyone know of a USB key that does fingerprint ... fingerprint recognition in hardware and need a fingerprint to gain ... I'm not keen on just access control rather than encryption. ...
      (uk.comp.os.linux)
    • Re: FINGERPRINT IDENTIFICATION
      ... Amit Gupta wrote: ... > regarding fingerprint identification and fingerprint recognition ...
      (comp.soft-sys.matlab)
    • Text fingerprinting
      ... We would like to find similiarity for text that has been copied from a ... comparing the whole text would not be feasible (so ... generate some kind of a fingerprint for the texts which can be compared ... Thanks in advance for any replies and/or pointers to resources. ...
      (comp.theory)