Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bank Automated Teller Machine Biometrics

From: Moz <lists () moz co nz>
Date: Tue, 5 Aug 2003 11:31:14 +1000
Ulisses wrote:

I´ve heard there are flaws in Iris and Facial recognition. Does
anybody know where i can find information about these flaws ?


The most overwhelming flaw is non-replacability.

Once the biometric token is compromised, you've lost the user. If
you're using generic hardware (ie, not building your own), then once
the token is compromised *anywhere* then it's useless. "Compromised"
may mean something as trivial as "being used in an insecure system".
And telling your user to use a different face is... interesting.

The problem with esp facial recognition is that it has to distinguish
between a photo or other model of the face, and the living face. But
it also has to defeat attackers who have unlimited access to the
person being impersonated, as it is a common condition of life that
people don't obscure their faces, so it's easy to get video recordings
of faces... One attack used such video recordings to defeat a number
facial of recognition systems.

Moz


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: