Firewall Wizards mailing list archives
Re: Re: Biometrics
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Fri, 15 Apr 2005 01:04:08 +0530
On 14/04/05 15:01 -0400, broyds () rogers com wrote:
The overall lesson I get from this is that one needs to do a true cost-benefit analysis of every authentication scheme. Don't just take the "it is more secure" mantra and apply it indiscriminately. We all agreed that the value of the owner's finger is greater than the value of the Mercedes, so a security technology that can cost the finger while protecting the Merc is not a valid cost-benefit trade-off. This seems obvious in hindsight, but it probably was not considered in creation of the biometric authentication device for the Mercedes.
Wasn't that supposed to be a basic requirement of the security process? Cost of the security system vs cost of loss of asset?
This is one problem with nearly all biometric devices. Since they depend on biological characteristics for providing the authenticity check, they are bypassed/breached by subverting those processes. But subversion of a biologic process can have far more catastrophic consequences than bypass of other processes such as binary processes.
As Paul said, we need to actually look at failure modes of authentication systems, and the extent that an attacker will go to to breach your defenses. Traditionally, actual physical harm has been positioned as being in the domain of the three letter agencies rather than being in common use. But when the value of a system being secured is relatively[1] high enough, we need to consider additional failure modes as well. Devdas Bhagat [1] Relative to the gain available to the attacker in local currency. A 1000 USD laptop is much more valuable to sell in a country where the monthly income is below 100 USD. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Re: Biometrics broyds (Apr 14)
- Re: Re: Biometrics Devdas Bhagat (Apr 14)
- <Possible follow-ups>
- RE: Re: Biometrics Eugene Kuznetsov (Apr 15)