Ultimate Computer Security Devices

[InfoSec News <isn () c4i org>]

http://www.newsfactor.com/perl/story/18052.html

By Jay Lyman
NewsFactor Network 
June 4, 2002 

Biometrics have long been the basis of the ultimate security
technologies in science fiction -- but can these safeguards, which
rely on fingerprints, eyeballs and other personal traits to
authenticate users, really secure the enterprise?

Recent reports of simple ways to circumvent biometric security systems
-- such as the "gummy finger" tactic, which involves a homemade
gelatin mold on which a fingerprint is imprinted -- have been
embarrassing for the biometrics industry.

However, analysts said such breaches will force vendors to improve
their technology, which often is used to restrict access to companies'
most valuable data.

Analysts also stressed the need for layers of security, noting that no
security measure can be effective on its own. Indeed, biometric
security vendors typically market their products as part of a mix.

According to experts, when combined with other security measures,
biometrics can pave the way for adoption of safeguards that often are
resisted by corporations.
 
Best When Mixed

Yankee Group senior analyst Anil Phull told NewsFactor that the best
practice for companies using biometric devices is to deploy them with
other identification factors, such as passwords, PINs (personal
identification number) or other security "tokens."

"Any organization that solely relies on a product vulnerable [to] this
sort of 'gummy finger' attack will be more at risk if they do not have
a second [means of security]," Phull said.

However, Phull noted, most vendors sell their biometric security
products as part of an overall solution with appropriate security
procedures and guidance.

Feel and Sound of Security

In response to a number of fingerprint-spoofing tactics, including the
"gummy finger," SecuGen recently released an optical fingerprint
sensor that includes monitoring to detect the sensor's environment.

SecuGen CEO Bob Kyle told NewsFactor that the device has not yet been
defeated, describing his company's technology as a sensor of a sensor.

New technologies that use face or even voice recognition also are
being developed or released. For example, Israel-based SentryCom
claims that its MobilVoice product allows secure access to the Web
from any computer, PDA (personal digital assistant) or other device
using voice authentication.

Thumb Tab

Biometrics also is increasingly showing up in the consumer arena. Once
signed up with such a system, consumers can purchase goods and
services with the flash of a fingerprint.

While such systems are in use for customers at a number of national
store chains, retailers and other businesses, some of these systems
reportedly can be breached quite easily -- for example, by breathing
on a sensor to pick up a latent print or by molding a fake finger to
place on the sensor.

Enrollment Aide

Phull noted that countermeasures that thwart biometrics will continue
to proliferate, but he said many biometric-based security tools can
serve as easy ways to enroll workers in a larger security system.

Despite their weaknesses, Phull added, biometric systems will remain
widespread, with enterprises using these often-expensive security
technologies for the most sensitive access and information.

"The gummy finger is pretty embarrassing, but on the good side, it
gets everybody to improve their technology and raise the bar," Phull
said.

SecuGen CEO Kyle told NewsFactor that his company's technology, which
is used by governments, financial institutions, airports and
pharmaceutical companies, is a flexible, convenient and accurate type
of security.

"It's important in a higher level of security to combine different
security measures," Kyle said. "The higher the security level, the
more you want to add to the mix."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.