Re: REVIEW: "Biometrics for Network Security", Paul Reid

From: Richard S. Westmoreland (richardsw_at_suscom.net)
Date: 10/04/04


Date: Mon, 4 Oct 2004 17:06:32 -0400


"Bruce Barnett" <spamhater103+U041004162047@grymoire.com> wrote in message
news:cjscvg$qqm$0$208.20.133.66@netheaven.com...
> "Richard S. Westmoreland" <richardsw@suscom.net> writes:
>
> I was asking about the author's opinion, because this should be an
> indication of his bias and thoroughness to a topic. I'm not a
> biometric expert, but biometrics can't solve every problem in
> isolation. An unbiased writer would cover these issues. But the
> world is filled with people who think their technology will solve
> every problem in the world.

Sorry I was going off on a tangent - I don't care so much about the book
itself, thought I'd hop into a conversation about biometrics.

>
> > That should prevent any kind of replay attack, and streamline the process
> > without the need of an additional smart card.
>
> Well, how does one know the reader is trusted? I can walk up to a
> Trojan'ed reader, and it can capture my thumbprint and replay it at a
> later date.

I considered this. Some kind of CRC the reader goes through and the server
matches up a hash with the reader's internal circuitry, to confirm it is
untainted.

>
>
> >The data is
> >decrypted at the server along with the ID (using the server side's expected
> >ID), the ID is matched up in the database to confirm validity of the
> >biometric data.
>
>
> This also requires the reader to be connected to the server in order
> to be authenticated. If the network is down, or disconnected, the
> person cannot be authenticated. So that's two potential problems.

Server or desktop/laptop - can be connected to either. If I have an RSA
SecurID, and the server is down, I'm not getting on then either. I thought
the point was authentication to the *network*? No network, then I sit and
wait until it's fixed.

Rick


