Also, many (perhaps most) biometrics can be trivially forged. Facial pictures are laughable without depth, but a 3D printed mask can probably fool them even then. DNA is trivial to copy using the same methods forensics depend on to ID it (and there are even companies that will produce artificial DNA fingerprints to-order, now). Fingerprints can be cloned using toner, and even enhancements like temperature/humidity.. observe CCC's defeat of the iPhone fingerprint scanner within days of release. On 09/06/14 14:02, Tomas -Overdrive- Petru wrote:
I do not like biometric idea at all, because we can change password, but how can I change biometric measurements in the moment, something goes wrong? E.g. digital copy of biometrics is stolen [and that will happen for sure].
Biometic is useless for me.
˜ Tomas
On 06 Jun 2014, at 20:17, Gregory Foster <gfoster@entersection.org> wrote:
Signed PGP part Federal Business Opportunities (Jun 4) - "Ephemeral Biometrics: An Alternative to Traditional, Event-based Authentication" by Sandia National Laboratories: https://www.fbo.gov/index?s=opportunity&mode=form&id=06e9abca57bdd9dac64902e39f039c4f&tab=core&_cview=0
Sandia National Laboratories is engaged in ongoing research and development into transformational upgrades in the area of cyber identity management as well as Insider Threat Monitoring by using Ephemeral Biometrics (EB). EB is unique because individual identities are tied to living biometric data that is active and continuous. The purpose of the research is to derive convenient authentication techniques (e.g., alternatives to passwords) that are both active and continuous while at the same time significantly improving authenticity and integrity of cyber identities.
"Ephemeral Biometrics: What are they and what do they solve?" by Sung Choi and David Zage of Sandia National Laboratories (2013): https://www.cs.purdue.edu/homes/zagedj/docs/iccst2013.pdf
I'm not really sure what's ephemeral about redefining authentication to mean continuous monitoring.
This work directly targets insider threat concerns raised post-Snowden, and provides further evidence that entities obsessed with secrecy will destroy their own effectiveness in pursuit of an improbable if not impossible definition of "security" which attempts to hermetically seal systems that include human beings.
Good luck with that! gf
-- Gregory Foster || gfoster@entersection.org @gregoryfoster <> http://entersection.com/
-- T: @onetruecathal, @IndieBBDNA P: +353876363185 W: http://indiebiotech.com