Security Basics mailing list archives

Biometric question

From: "Jacob Kitchel" <jacob_kitchel () hotmail com>
Date: Sat, 09 Nov 2002 19:58:01 -0500

A retina scan DOES NOT use a laser and does not scan! Among many, this is acommon misconception in the biometrics world. Please read this article for adescription of how it works:


http://hotwired.lycos.com/synapse/hotseat/97/34/transcript2a.html

quote from the article:
McChesney: How is that image of the rear of the eye read? With a laser?

Siedlarz: Well, no. There's a common misconception about that. It's really aharmless beam of light that's used for scanning. And part of the confusion,of course, is that we have the word "scan" in our name when we really don'tdo that. We're using essentially common video imaging that then digitizesthat image and puts it into an iris code that, as Randy pointed out, is putinto silicon and available for recall.


--end quote

While the iris is mentioned in this quote, it is also valid for retinascans.







----Original Message Follows----
From: "Joey" <josefhuggins () hotmail com>
To: "Security Basics" <security-basics () securityfocus com>
Subject: Re: Biometric question
Date: Sat, 9 Nov 2002 05:31:58 -0800
MIME-Version: 1.0
X-Originating-IP: [68.46.200.39]

Received: from outgoing3.securityfocus.com ([205.206.231.27]) bymc8-f19.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Sat, 9 Nov2002 16:00:25 -0800Received: from lists.securityfocus.com (lists.securityfocus.com[205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid43DD2A30B9; Sat, 9 Nov 2002 11:46:47 -0700 (MST)

Received: (qmail 12724 invoked from network); 9 Nov 2002 11:01:31 -0000
Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com
References: <PAEKJPCAJEJPPMJKIAGOIENNCAAA.naveed.ahmed () vinciti com>
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MIMEOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Message-ID: <DAV59VhnwuNCPgQkuic000011eb () hotmail com>

X-OriginalArrivalTime: 09 Nov 2002 11:31:42.0780 (UTC)FILETIME=[93DC27C0:01C287E3]Return-Path:security-basics-return-15881-jacob_kitchel=hotmail.com () securityfocus com


To clarify:retinal scanning is about as effective as fingerprints. Retinal
scanning uses a laser light, often in the green part of the spectrum to scan
the blood vessels of the internal eye. Both methods scan around 90 metric
points. They can easily read false depending on whether or not the
biological sample (in this case eyeball or finger) is placed exactly in the
same position as it was when it was initially scanned. There is, of course,
with most software a threshold setting which will allow readings to require
either a very precise ( a finger must be placed in exactly the same spot
every time on a reader ) or very minimal ( a finger can be placed anywhere
near the center of the reader, but the accuracy drops proportionately )
setting. The best way to go from everything I've seen and read is with iris
scans. Whereas fingerprint and retina scans read around 90 metric points, an
iris scan reads about 250. Iris scans are non-invasive whereas retina scans
require a laser light or other strong light source directed through the
cornea in order to read the vessel pattern in the back of the eye. While
it's allot more expensive, if security, and not money is your concern, I
think iris scanners are the way to go. If you can't "hack" it and you have
to settle w/fingerprint or retinal scanners, I would go for the fingerprint
scanner.

-J

----- Original Message -----
From: Naveed Ahmed <naveed.ahmed () vinciti com>
To: <msconzo () tamu edu>; <security-basics () security-focus com>
Sent: Thursday, November 07, 2002 11:05 AM
Subject: RE: Biometric question


> Michael is right.
> the better ones are ( at least relatively more difficult to fake) retina
> scans and  voice recognition.
> dont go by what tom cruise does in 'minority report' with the eye
balls.!!!
> rgds
> -Naveed
>
> -----Original Message-----
> From: Michael Sconzo [mailto:msconzo () tamu edu]
> Sent: Thursday, November 07, 2002 10:43 PM
> To: security-basics () security-focus com
> Subject: RE: Biometric question
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> One of the more memorable things that I have read about fingerprint
> scanners is:
> http://www.counterpane.com/crypto-gram-0205.html#5
>
> You can basically fake a fingerprint biometric machine with a gummi
> bear.  If I remember correctly, the majority of fingerprint scanners
> are vulnerable to this type of attack. One of the big things to look
> for is one that samples SHAPES not POINTS, and remember the more the
> merrier.
>
> As for other types of biometrics, I am not too sure, hopefully
> somebody else can shed some light on those.
>
> - -mike
>
>
> - -----Original Message-----
> From: Felix Cuello [mailto:felix () qodiga com]
> Sent: Wednesday, November 06, 2002 1:27 PM
> To: security-basics () security-focus com
> Subject: Biometric question
>
>
>
> Hello list!
>
>    I will work in a project where phisical security will be based on
>    biometrics, in fact only will be based on fingerprints biometric.
>
>    How secure are fingerprints?, what biometric are more secure?
> (voice,
>    eye, ??? what else).
>
>    I'm not a security expert :-)
>
>    Thanks a lot,
>
>    Felix
>    [my english is bad... please sorry :-)]
>
> - --
> Felix Cuello
> felix () qodiga com
>
> Qodiga/its
> Av.Santa Fe 882 P.13 Of. "E"
> C.P. ABP1059C
> Tel.: (54) 011 - 4312-1698
> Buenos Aires - Argentina
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBPcqfKy76iJsaBRvcEQJ4GQCg8IIGDvldPOk6Bll7RV8spScjPDAAoPuy
> DzeFhJhhlLBeyqWGS/NABATs
> =kUtf
> -----END PGP SIGNATURE-----
>


_________________________________________________________________

MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.http://join.msn.com/?page=features/virus

Current thread:

Re: Biometric question, (continued)
- - Re: Biometric question Konrad Rzeszutek (Nov 08)
  - Re: Biometric question ATD (Nov 09)
- RE: Biometric question Bryan E. Glancey (Nov 07)
- RE: Biometric question Vince Hillier (Nov 08)
  - RE: Biometric question Naveed Ahmed (Nov 09)
- RE: Biometric question Bryan E. Glancey (Nov 09)
  - R: Biometric question Alessandro Bottonelli (Nov 11)
- RE: Biometric question dporter (Nov 09)
- RE: Biometric question Nero, Nick (Nov 09)
- RE: Biometric Question Cage Uber (Nov 10)
- Biometric question Jacob Kitchel (Nov 11)