Comments on: Biometrics http://www.lifeaftercoffee.com/2006/06/05/biometrics/ because I don't believe in life before coffee... Wed, 28 Oct 2009 06:44:36 -0700 http://wordpress.org/?v=2.8.4 hourly 1 By: Donald K. Burleson http://www.lifeaftercoffee.com/2006/06/05/biometrics/comment-page-1/#comment-1639 Donald K. Burleson Thu, 08 Jun 2006 11:35:17 +0000 http://www.lifeaftercoffee.com/2006/06/05/biometrics/#comment-1639 Zach said, >> A successful credential needs to be disposable. I wonder if someone can elaborate on this. From a database perspective, the immediate security question is verifying the real identity of a specific user, and I would think that the best proof of "who I am" might be persistent attributes such as fingerprint, facial recognition, retina and DNA. I don't understand why security credentials need to be transient and "disposable". Can you educate me on this? Zach said,

>> A successful credential needs to be disposable.

I wonder if someone can elaborate on this. From a database perspective, the immediate security question is verifying the real identity of a specific user, and I would think that the best proof of “who I am” might be persistent attributes such as fingerprint, facial recognition, retina and DNA.

I don’t understand why security credentials need to be transient and “disposable”. Can you educate me on this?

]]> By: Zach http://www.lifeaftercoffee.com/2006/06/05/biometrics/comment-page-1/#comment-1609 Zach Wed, 07 Jun 2006 13:28:53 +0000 http://www.lifeaftercoffee.com/2006/06/05/biometrics/#comment-1609 A successful credential needs to be disposable. If it is somehow compromised there has to be a way to change the credential. Biometrics lack this by definition. A <a href="http://www.yubanet.com/cgi-bin/artman/exec/view.cgi/8/28878" rel="nofollow">recent article out of Clarkson University</a> talks about how something as simple as Play-doh can defeat many fingerprint scanners. Obviously technology will improve in response to this, but as 2 cent solutions defeat million dollar research we should question why we're bothering with such a flawed and expensive plan. A successful credential needs to be disposable. If it is somehow compromised there has to be a way to change the credential. Biometrics lack this by definition.

A recent article out of Clarkson University talks about how something as simple as Play-doh can defeat many fingerprint scanners.

Obviously technology will improve in response to this, but as 2 cent solutions defeat million dollar research we should question why we’re bothering with such a flawed and expensive plan.

]]> By: Donald K. Burleson http://www.lifeaftercoffee.com/2006/06/05/biometrics/comment-page-1/#comment-1605 Donald K. Burleson Wed, 07 Jun 2006 12:00:32 +0000 http://www.lifeaftercoffee.com/2006/06/05/biometrics/#comment-1605 >> I think you’d agree that it would be foolish to say this system could not be hacked. Gee, I hope not! I toured NORAD 18 years ago and they used it, as well as in many classified systems and areas. http://dba-oracle.blogspot.com/2005/08/inside-norad-war-room.html Personally, I think that the retinal scanners are also promising. Here is where I think the technology is going, JMHO: http://www.dba-oracle.com/art_dbazine_2020_p1.htm >> I think you’d agree that it would be foolish to say this system could not be hacked.

Gee, I hope not! I toured NORAD 18 years ago and they used it, as well as in many classified systems and areas.

http://dba-oracle.blogspot.com/2005/08/inside-norad-war-room.html

Personally, I think that the retinal scanners are also promising. Here is where I think the technology is going, JMHO:

http://www.dba-oracle.com/art_dbazine_2020_p1.htm

]]> By: Jon http://www.lifeaftercoffee.com/2006/06/05/biometrics/comment-page-1/#comment-1568 Jon Tue, 06 Jun 2006 17:56:25 +0000 http://www.lifeaftercoffee.com/2006/06/05/biometrics/#comment-1568 The point is not only that the finger could be hacked (so to speak) but that perhaps the reader or even the software could be hacked or emulated. Where there's a will there's a way. Look at the evolution of magnetic credit card readers. Twenty years ago it might have been just banks and stores that had them, but a year ago I made one of my own for less than $50. I think you'd agree that it would be foolish to say this system could not be hacked. Most would even agree that it's just a matter of time. Once hacked you can either change reader technology to compensate for the hack or abandon the biometrics. Either solution is expensive. The point is not only that the finger could be hacked (so to speak) but that perhaps the reader or even the software could be hacked or emulated. Where there’s a will there’s a way.

Look at the evolution of magnetic credit card readers. Twenty years ago it might have been just banks and stores that had them, but a year ago I made one of my own for less than $50.

I think you’d agree that it would be foolish to say this system could not be hacked. Most would even agree that it’s just a matter of time. Once hacked you can either change reader technology to compensate for the hack or abandon the biometrics. Either solution is expensive.

]]> By: Donald K. Burleson http://www.lifeaftercoffee.com/2006/06/05/biometrics/comment-page-1/#comment-1566 Donald K. Burleson Tue, 06 Jun 2006 16:48:53 +0000 http://www.lifeaftercoffee.com/2006/06/05/biometrics/#comment-1566 It's interesting that biometrics has been used by the government for decades, and they got around the forgery issue with machines that detect a "live" finger. You cannot "hack" off someones finger and use it for access. . . . I wonder if that is where "hacker" originates? It’s interesting that biometrics has been used by the government for decades, and they got around the forgery issue with machines that detect a “live” finger. You cannot “hack” off someones finger and use it for access. . . .

I wonder if that is where “hacker” originates?

]]>