-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Federal Business Opportunities (Jun 4) - "Ephemeral Biometrics: An Alternative to Traditional, Event-based Authentication" by Sandia National Laboratories: https://www.fbo.gov/index?s=opportunity&mode=form&id=06e9abca57bdd9dac64902e39f039c4f&tab=core&_cview=0
Sandia National Laboratories is engaged in ongoing research and development into transformational upgrades in the area of cyber identity management as well as Insider Threat Monitoring by using Ephemeral Biometrics (EB). EB is unique because individual identities are tied to living biometric data that is active and continuous. The purpose of the research is to derive convenient authentication techniques (e.g., alternatives to passwords) that are both active and continuous while at the same time significantly improving authenticity and integrity of cyber identities.
"Ephemeral Biometrics: What are they and what do they solve?" by Sung Choi and David Zage of Sandia National Laboratories (2013): https://www.cs.purdue.edu/homes/zagedj/docs/iccst2013.pdf I'm not really sure what's ephemeral about redefining authentication to mean continuous monitoring. This work directly targets insider threat concerns raised post-Snowden, and provides further evidence that entities obsessed with secrecy will destroy their own effectiveness in pursuit of an improbable if not impossible definition of "security" which attempts to hermetically seal systems that include human beings. Good luck with that! gf - -- Gregory Foster || gfoster@entersection.org @gregoryfoster <> http://entersection.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJTkgW/AAoJEMaAACmjGtgjxLIQALl48hrZKW1sWVWyIKcsb7hu 0ZPYm/FRrYnNHwAeAN/vWdVxrUyhRLKBCs+2H8v5C7Na2df1AqInZ1H9AGD1j84M iwZtHWMVkFvkcVDW+NMINRoHSjUdrPqIh+RP0KseMZTPTaelSD+tVEmUedSzOLgV km/OZ5URefIRSFjP3p6pA+YxZoZOU8UlwSxJFv9o4Vs/k1lwLDE+BYErabTXrFoe MWJhKhQWpisLD6QGBq+LRcTq+P+fpJlu6pRJFQR8mUIWsgZwr4OtQvXxjXFDO16K jaBVBSB0bdgQV4d8HLJE1dJek3fe1q9i9YEYBL2p91voTTKmPwkDIcmj9X9ZfNR1 lO5AXZh1H+rhO1OAfqlkvI0VYxAzO7AerKS+tPwh0lw3VSZYiBZawtJb3t/2snF9 R/02NRXfKZOFqKUQUH1bRkrFuKDRudmhtomafCek1MShVgR9BlAjFHcMjFa0gXBy FUo1D8ouzWYfwAM/0eVwDX9YAMX3tr3vl0KopFTEyFzolIapg9wbDeesIn4mu24P 8zDJUew+5wcHTc9ZPFZhdh6xGC9SoLvAPaqVTTSx3tTcxbdIouiIWyaQUOXNdteb KM9FEa+e9j5TggnaxuNuDpbBXVlKlou9oee/vge7OdS0EHqStPthckt3Vhp0Lv59 HzJ56AjJ0zh2iRLX/9Wt =KZuq -----END PGP SIGNATURE-----
I do not like biometric idea at all, because we can change password, but how can I change biometric measurements in the moment, something goes wrong? E.g. digital copy of biometrics is stolen [and that will happen for sure]. Biometic is useless for me. ˜ Tomas On 06 Jun 2014, at 20:17, Gregory Foster <gfoster@entersection.org> wrote:
Signed PGP part Federal Business Opportunities (Jun 4) - "Ephemeral Biometrics: An Alternative to Traditional, Event-based Authentication" by Sandia National Laboratories: https://www.fbo.gov/index?s=opportunity&mode=form&id=06e9abca57bdd9dac64902e39f039c4f&tab=core&_cview=0
Sandia National Laboratories is engaged in ongoing research and development into transformational upgrades in the area of cyber identity management as well as Insider Threat Monitoring by using Ephemeral Biometrics (EB). EB is unique because individual identities are tied to living biometric data that is active and continuous. The purpose of the research is to derive convenient authentication techniques (e.g., alternatives to passwords) that are both active and continuous while at the same time significantly improving authenticity and integrity of cyber identities.
"Ephemeral Biometrics: What are they and what do they solve?" by Sung Choi and David Zage of Sandia National Laboratories (2013): https://www.cs.purdue.edu/homes/zagedj/docs/iccst2013.pdf
I'm not really sure what's ephemeral about redefining authentication to mean continuous monitoring.
This work directly targets insider threat concerns raised post-Snowden, and provides further evidence that entities obsessed with secrecy will destroy their own effectiveness in pursuit of an improbable if not impossible definition of "security" which attempts to hermetically seal systems that include human beings.
Good luck with that! gf
-- Gregory Foster || gfoster@entersection.org @gregoryfoster <> http://entersection.com/
Also, many (perhaps most) biometrics can be trivially forged. Facial pictures are laughable without depth, but a 3D printed mask can probably fool them even then. DNA is trivial to copy using the same methods forensics depend on to ID it (and there are even companies that will produce artificial DNA fingerprints to-order, now). Fingerprints can be cloned using toner, and even enhancements like temperature/humidity.. observe CCC's defeat of the iPhone fingerprint scanner within days of release. On 09/06/14 14:02, Tomas -Overdrive- Petru wrote:
I do not like biometric idea at all, because we can change password, but how can I change biometric measurements in the moment, something goes wrong? E.g. digital copy of biometrics is stolen [and that will happen for sure].
Biometic is useless for me.
˜ Tomas
On 06 Jun 2014, at 20:17, Gregory Foster <gfoster@entersection.org> wrote:
Signed PGP part Federal Business Opportunities (Jun 4) - "Ephemeral Biometrics: An Alternative to Traditional, Event-based Authentication" by Sandia National Laboratories: https://www.fbo.gov/index?s=opportunity&mode=form&id=06e9abca57bdd9dac64902e39f039c4f&tab=core&_cview=0
Sandia National Laboratories is engaged in ongoing research and development into transformational upgrades in the area of cyber identity management as well as Insider Threat Monitoring by using Ephemeral Biometrics (EB). EB is unique because individual identities are tied to living biometric data that is active and continuous. The purpose of the research is to derive convenient authentication techniques (e.g., alternatives to passwords) that are both active and continuous while at the same time significantly improving authenticity and integrity of cyber identities.
"Ephemeral Biometrics: What are they and what do they solve?" by Sung Choi and David Zage of Sandia National Laboratories (2013): https://www.cs.purdue.edu/homes/zagedj/docs/iccst2013.pdf
I'm not really sure what's ephemeral about redefining authentication to mean continuous monitoring.
This work directly targets insider threat concerns raised post-Snowden, and provides further evidence that entities obsessed with secrecy will destroy their own effectiveness in pursuit of an improbable if not impossible definition of "security" which attempts to hermetically seal systems that include human beings.
Good luck with that! gf
-- Gregory Foster || gfoster@entersection.org @gregoryfoster <> http://entersection.com/
-- T: @onetruecathal, @IndieBBDNA P: +353876363185 W: http://indiebiotech.com
Dnia poniedziałek, 9 czerwca 2014 14:10:54 Cathal Garvey pisze:
Also, many (perhaps most) biometrics can be trivially forged. Facial pictures are laughable without depth, but a 3D printed mask can probably fool them even then. DNA is trivial to copy using the same methods forensics depend on to ID it (and there are even companies that will produce artificial DNA fingerprints to-order, now). Fingerprints can be cloned using toner, and even enhancements like temperature/humidity.. observe CCC's defeat of the iPhone fingerprint scanner within days of release.
BUT IT'S SO COOOL! I mean, it's like XXI Century Technology, but today! You know, you swipe a finger and SHAZZAM, you're authenticated! It's *magic*! -- Pozdr rysiek
XXI Century Tech in the sense that it's powerless against the faceless organisations who rule over we e-peasants? :) On 09/06/14 14:25, rysiek wrote:
Dnia poniedziałek, 9 czerwca 2014 14:10:54 Cathal Garvey pisze:
Also, many (perhaps most) biometrics can be trivially forged. Facial pictures are laughable without depth, but a 3D printed mask can probably fool them even then. DNA is trivial to copy using the same methods forensics depend on to ID it (and there are even companies that will produce artificial DNA fingerprints to-order, now). Fingerprints can be cloned using toner, and even enhancements like temperature/humidity.. observe CCC's defeat of the iPhone fingerprint scanner within days of release.
BUT IT'S SO COOOL! I mean, it's like XXI Century Technology, but today! You know, you swipe a finger and SHAZZAM, you're authenticated! It's *magic*!
-- T: @onetruecathal, @IndieBBDNA P: +353876363185 W: http://indiebiotech.com
Oh I fully expected as much! On 09/06/14 14:37, rysiek wrote:
Dnia poniedziałek, 9 czerwca 2014 14:28:16 Cathal Garvey pisze:
XXI Century Tech in the sense that it's powerless against the faceless organisations who rule over we e-peasants? :)
I hope you do realise there was a fair amount of sarcasm in my message. :)
-- T: @onetruecathal, @IndieBBDNA P: +353876363185 W: http://indiebiotech.com
On Mon, Jun 9, 2014 at 9:10 AM, Cathal Garvey <cathalgarvey@cathalgarvey.me> wrote:
Also, many (perhaps most) biometrics can be trivially forged. Facial pictures are laughable without depth, but a 3D printed mask can probably fool them even then. DNA is trivial to copy using the same methods forensics depend on to ID it (and there are even companies that will produce artificial DNA fingerprints to-order, now). Fingerprints can be cloned using toner, and even enhancements like temperature/humidity.. observe CCC's defeat of the iPhone fingerprint scanner within days of release.
Biometrics suck for privacy and security because you're often giving them a sample of the raw biodata itself... your picture, palmprint, dna. They have that and can use it against you or lose custody and you yourself have been compromised with no own fault of yours and cannot go back. Now if you give it to your own machine which makes and presents a hash to others, you are safer there. But no more secure than former. Two factors of 'know' and 'have' with threat of sanction usually works fine. ie: HOTP, secureid, key+pin, your own biohash, etc. Be careful what you wish for, some holes have value.
participants (5)
-
Cathal Garvey -
grarpamp -
Gregory Foster -
rysiek -
Tomas -Overdrive- Petru