Security Basics mailing list archives

Re: Biometric Alternatives

From: SMiller () unimin com
Date: Thu, 5 Jun 2003 10:11:06 -0400


Unless there have been some earthshaking developments in this field in the
past 8 months, you might want to re-evaluate. Real world results with such
devices has been unpromising so far. The original breaker AFAIKwas when
Japanese researcher Tsutomo Matsumoto fooled a fingerprint scanner by
recording his print on a jellybean. The link below shows the results of
more exhaustive attempts. Also consider Bruce Scheier's observation that
biometric measurements are reduced to a numeric code, if the code can be
obtained, security may be broken by finding another way to input it.
http://heise.de/ct/english/02/11/114/

-Scott Miller


                                                                                                                        
             
                      "Mears,Caleb M"                                                                                   
             
                      <Caleb.M.Mears () business col        To:       <security-basics () securityfocus com>            
                   
                      ostate.edu>                        cc:                                                            
             
                                                         Subject:  Biometric Alternatives                               
             
                      06/04/2003 06:01 PM                                                                               
             
                                                                                                                        
             
                                                                                                                        
             




Hello All,

I am currently evaluating different biometric alternatives to our current
logon system. I have narrowed my search to fingerprint based systems
because as most of our "customers" are students, ease of use is a must and
iris or voice based systems do not seem practical. Keyboards with built-in
scanners are preferred because most of the devices I have found are small
external devices that I imagine will grow legs and walk out the door unless
there is a locking mechanism included with the device. I am looking for
something that will work in conjunction with our current Windows XP
workstations and Windows 2000 server w/ Active Directory; however, we will
be migrated over to Windows 2003 server by the end of the summer so
compatibility with 2003 server is a must. The purpose of this project is to
provide the students with an alternative to remembering their password and
provide quicker logon times. Any good/bad experiences with vendors are
appreciated.

Caleb







---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Biometric Alternatives Mears,Caleb M (Jun 04)
- Re: Biometric Alternatives leifg (Jun 04)
- Re: Biometric Alternatives Jimi Thompson (Jun 04)
- RE: Biometric Alternatives Manuel Fernandes (Jun 04)
- <Possible follow-ups>
- Re: Biometric Alternatives compguruman (Jun 05)
  - RE: Biometric Alternatives Burton M. Strauss III (Jun 05)
- RE: Biometric Alternatives Wilcox, Stephen (Jun 05)
- Re: Biometric Alternatives SMiller (Jun 05)
- RE: Biometric Alternatives JAVIER OTERO (Jun 05)