Firewall Wizards mailing list archives
RE: Re: Biometrics
From: <broyds () rogers com>
Date: Thu, 14 Apr 2005 15:01:53 -0400
The overall lesson I get from this is that one needs to do a true cost-benefit analysis of every authentication scheme. Don't just take the "it is more secure" mantra and apply it indiscriminately. We all agreed that the value of the owner's finger is greater than the value of the Mercedes, so a security technology that can cost the finger while protecting the Merc is not a valid cost-benefit trade-off. This seems obvious in hindsight, but it probably was not considered in creation of the biometric authentication device for the Mercedes.

This is one problem with nearly all biometric devices. Since they depend on biological characteristics for providing the authenticity check, they are bypassed/breached by subverting those processes. But subversion of a biologic process can have far more catastrophic consequences than bypass of other processes such as binary processes.

This also gets back to the meaning of security. Although some have used the Confidentiality, Integrity, Availability triad as a definition, a better definition would be that an asset is secure when it is protected so the expected value of the disclosure, corruption, or loss of that asset (in statistical, risk sense) is significantly less than the value of that asset. In this case, the biometric secured one asset, but exposed another (the finger) to a much greater security exposure.

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Paul D. Robertson
Sent: Thursday, April 14, 2005 11:32 AM
To: Mark Boltz
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Re: Biometrics

<snip>

The whole point (and why I think it's important to continue this thread a bit past its due date) is that in the case of biometric authentication, the authenticator is *probably* more important to the user than the thing being protected- especially when the attack is a denial-of-service attack (be it as a precursor to a new attack, or malice because the attacker decides that if it won't work for them, it won't work for you either.).

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards