funsec mailing list archives
Re: To see why iris scanning can be a biometric ...
From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Sat, 21 Aug 2010 20:51:12 -0700
To rephrase in the language of security: the requirement is a non-repudiable, non-forgeable, single identity token. The mooted solution is iris scanning, because it is unique, and supposedly hard to copy. The premise is that this can be used solely on the basis of "something you have or are" as opposed to the time-honored double verification of "something you have and something you know".

Applying basic logic, this means that the mooted solution is only valid if the token (the iris) is indeed cryptographically validly (meaning more complex than the equivalently acceptable crypto algorithm is to crack or spoof) non-clonable/stealable for the required level of access.

Since you can always kidnap someone or their family, and hold a gun to their head to make them scan their own real eye, and if there is no secondary authentication that could allow for an "I've been compromised" response, the whole concept of iris scanning as a single token is busted.

The invalidity of just scanning an iris as a means of access control and authentication has nothing to do with the uniqueness of the iris, and everything to do with the ease of acquiring a particular iris with the access you require.

Absent the ability to further authenticate the legitimacy of the access request, to include appropriate response to duress (don't lock out, allow access and then interdict), any access control method fails the basic logic of defense against probable attack scenarios.

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Dan Kaminsky
Sent: Friday, August 06, 2010 4:27 PM
To: rmslade () shaw ca
Cc: funsec () linuxbox org
Subject: Re: [funsec] To see why iris scanning can be a biometric ...

Anything can be a biometric. The problem is we leak the damn things all over the place.

On Fri, Aug 6, 2010 at 8:18 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah <rmslade () shaw ca> wrote:

http://www.photographyserved.com/Gallery/Your-beautiful-eyes/428809

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
After the rush is over, I'm going to have a nervous breakdown. I've worked for it, I owe it to myself, and nobody is going to deprive me of it.
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links
http://twitter.com/rslade

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- To see why iris scanning can be a biometric ... Rob, grandpa of Ryan, Trevor, Devon & Hannah (Aug 06)
- Re: To see why iris scanning can be a biometric ... Dan Kaminsky (Aug 06)
- Re: To see why iris scanning can be a biometric ... Rich Kulawiec (Aug 08)
- Re: To see why iris scanning can be a biometric ... G. D. Fuego (Aug 08)
- Re: To see why iris scanning can be a biometric ... Tomas L. Byrnes (Aug 21)
- Re: To see why iris scanning can be a biometric ... Dan Kaminsky (Aug 21)
- Re: To see why iris scanning can be a biometric ... Michael Simpson (Aug 25)
- Re: To see why iris scanning can be a biometric ... Larry Seltzer (Aug 25)
- Re: To see why iris scanning can be a biometric ... Dan Kaminsky (Aug 06)