Re: REVIEW: "Biometrics for Network Security", Paul Reid

From: Richard S. Westmoreland (richardsw_at_suscom.net)
Date: 10/04/04

Date: Mon, 4 Oct 2004 09:52:49 -0400

"Bruce Barnett" <spamhater103+U041001232907@grymoire.com> wrote in message
news:cjl7cl$mbc$1$208.20.133.66@netheaven.com...
> rslade@sprint.ca (Rob Slade, doting grandpa of Ryan and Trevor) writes:
>
> > BKBIOMNS.RVW 20040527
> >
> > "Biometrics for Network Security", Paul Reid, 2004, 0-13-101549-4,
>
>
> How does he prevent replay attacks?
>
> Some use smartcard technology with match-on-card software.

I suppose one method of securing the biometric authentication from replay
attacks is to build into the biometric reader itself one-time session IDs.
A person puts their thumb on the reader, which then generates an ID that is
used to encrypt the biometric data (and the ID itself). The data is
decrypted at the server along with the ID (using the server side's expected
ID), and the ID is matched up in the database to confirm validity of the
biometric data. Then the biometric is matched up, and the person is
authenticated.

That should prevent any kind of replay attack, and streamline the process
without the need for an additional smart card.

>
> --
> Sending unsolicited commercial e-mail to this account incurs a fee of
> $500 per message, and acknowledges the legality of this contract.

Ever made any money from this? ;-)

--
Richard S. Westmoreland
http://www.antisource.com
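The scheme Richard sketches above, worked through as an added example (not code from the thread or from the book under review). It assumes the "expected ID" is a nonce the server issues per attempt, that reader and server share a provisioned key (both assumptions), and it uses an HMAC-based keystream plus MAC as a stand-in for a proper authenticated cipher; the point it demonstrates is that a captured submission fails when resubmitted because the ID has already been consumed.

```python
import hmac
import hashlib
import secrets

# Constructed: a key provisioned between this reader and the server (assumption).
READER_KEY = b"constructed-reader-key-0123456789abcdef"
ID_LEN = 16


def session_key(nonce: bytes) -> bytes:
    """Per-attempt key derived from the long-term key and the one-time ID."""
    return hmac.new(READER_KEY, b"session" + nonce, hashlib.sha256).digest()


def keystream(key: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (toy stand-in for an AEAD)."""
    blocks = [hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def reader_submit(nonce: bytes, template: bytes) -> bytes:
    """Reader side: encrypt (ID || template) under the session key, append a MAC."""
    key = session_key(nonce)
    plaintext = nonce + template
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, len(plaintext))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return ct + tag


class Server:
    def __init__(self, enrolled: dict):
        self.enrolled = enrolled   # user -> enrolled template (constructed data)
        self.outstanding = set()   # IDs issued but not yet consumed

    def issue_id(self) -> bytes:
        nonce = secrets.token_bytes(ID_LEN)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, user: str, expected: bytes, msg: bytes) -> bool:
        if expected not in self.outstanding:
            return False           # unknown or already-used ID: treat as replay
        ct, tag = msg[:-32], msg[-32:]
        key = session_key(expected)
        if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
            return False           # tampered or wrong session
        self.outstanding.discard(expected)   # consume before matching: single use
        pt = bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))
        if pt[:ID_LEN] != expected:
            return False           # embedded ID does not match the issued one
        # Exact comparison stands in for a real (fuzzy) biometric matcher.
        return hmac.compare_digest(pt[ID_LEN:], self.enrolled.get(user, b""))
```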
