Re: To see why iris scanning can be a biometric ...

["Tomas L. Byrnes" <tomb () byrneit net>]

To rephrase in language of security;

 

The requirement is a non-repudiable, non-forgeable, single identity
token.

 

The mooted solution is iris scanning, because it is unique, and
supposedly hard to copy.

 

The premise is that this can be used solely on the basis of "something
you have or are" as opposed to the time-honored double verification of
"something you have and something you know".

 

Applying basic logic, this means that the mooted solution is only valid
if the token (the iris) is indeed cryptographically validly (meaning
more complex than the equivalently acceptable crypto algorithm is to
crack or spoof) non clonable/stealable for the required level of access.

 

Since you can always kidnap someone or their family, and hold a gun to
their head to make them scan their own real eye, and if there is no
secondary authentication that could allow for a "I've been compromised"
response, the whole concept of iris scanning as a single token is
busted.

 

The invalidity of just scanning an iris as a means of access control and
authentication has nothing to do with the uniqueness of the iris, and
everything to do with the ease of acquiring a particular iris with the
access you require.

 

Absent the ability to further authenticate the legitimacy of the access
request, to include appropriate response to duress (don't lock out,
allow access and then interdict), any access control method fails the
basic logic of defense against probable attack scenarios.

 

 

 

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Dan Kaminsky
Sent: Friday, August 06, 2010 4:27 PM
To: rmslade () shaw ca
Cc: funsec () linuxbox org
Subject: Re: [funsec] To see why iris scanning can be a biometric ...

 

Anything can be a biometric.  The problem is we leak the damn things all
over the place.

On Fri, Aug 6, 2010 at 8:18 PM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah <rmslade () shaw ca> wrote:

http://www.photographyserved.com/Gallery/Your-beautiful-eyes/428809

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
After the rush is over, I'm going to have a nervous breakdown.
I've worked for it, I owe it to myself, and nobody is going to
deprive me of it.
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.