Security Basics mailing list archives

RE: Biometric question

From: "Kenneth W. Kubiak" <kkubiak () bflohearspeech org>
Date: Thu, 7 Nov 2002 14:30:33 -0500

Felix,

In short, I'm not sold on ANY biometrics security solutions.  It just seems
that, particularly since the 9/11 attacks in the U.S., that we've tried to
move too fast in implementing these sort of high-tech solutions that we
aren't entirely sure how they work, if indeed they work at all.  I'd heard
something similar about fingerprint scanners, but I just couldn't remember
how they were fooled.  Go figure... we spend hundreds of thousands of
dollars on developing a new technology like that, only to have it fooled by
something you can buy with spare change from a vending machine!  Anyway, I
remember reading not too long ago, that facial recognition scanners could be
fooled something like two-thirds of the time by holding a laptop screen up
to the scanner from a few feet away that produced a low-res image of the
person to be authenticated.  Unfortunately I can't find the article at
present - but I wouldn't think facial recognition's the way to go either.  I
think if you're planning on implementing a biometrics solution, that it
should be supplemented with the conventional password backup, or at least a
secondary biometrics solution.

Ken

-----Original Message-----
From: Michael Sconzo [mailto:msconzo () tamu edu]
Sent: Thursday, November 07, 2002 12:13 PM
To: security-basics () security-focus com
Subject: RE: Biometric question


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One of the more memorable things that I have read about fingerprint
scanners is:
http://www.counterpane.com/crypto-gram-0205.html#5

You can basically fake a fingerprint biometric machine with a gummi
bear.  If I remember correctly, the majority of fingerprint scanners
are vulnerable to this type of attack. One of the big things to look
for is one that samples SHAPES not POINTS, and remember the more the
merrier.

As for other types of biometrics, I am not too sure, hopefully
somebody else can shed some light on those.

- -mike


- -----Original Message-----
From: Felix Cuello [mailto:felix () qodiga com]
Sent: Wednesday, November 06, 2002 1:27 PM
To: security-basics () security-focus com
Subject: Biometric question



Hello list!

   I will work in a project where phisical security will be based on
   biometrics, in fact only will be based on fingerprints biometric.

   How secure are fingerprints?, what biometric are more secure?
(voice,
   eye, ??? what else).

   I'm not a security expert :-)

   Thanks a lot,

   Felix
   [my english is bad... please sorry :-)]

- --
Felix Cuello
felix () qodiga com

Qodiga/its
Av.Santa Fe 882 P.13 Of. "E"
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPcqfKy76iJsaBRvcEQJ4GQCg8IIGDvldPOk6Bll7RV8spScjPDAAoPuy
DzeFhJhhlLBeyqWGS/NABATs
=kUtf
-----END PGP SIGNATURE-----

Current thread:

Biometric question Felix Cuello (Nov 07)
- RE: Biometric question Michael Sconzo (Nov 07)
  - RE: Biometric question Kenneth W. Kubiak (Nov 08)
  - Re: Biometric question john slee (Nov 08)
  - RE: Biometric question Naveed Ahmed (Nov 08)
    - RE: Biometric question sanjay . patel (Nov 09)
    - Re: Biometric question Joey (Nov 09)
- Re: Biometric question Richard Caley (Nov 08)
- Re: Biometric question Mailing Lists (Nov 08)
- Re: Biometric question Volker Kindermann (Nov 08)
  - Re: Biometric question Catfish (Nov 09)
- Re: Biometric question Noah Salzman (Nov 09)
- Re: Biometric question Blake Girardot (Nov 09)

(Thread continues...)