biometrics
cryptography at summitsecurity.org
cryptography at summitsecurity.org
Fri Jan 25 20:36:24 EST 2002
Not wanting to have extended contest over this, but all these absolutes in
the comments are just too simplistic. Devices can be made as
tamper-resistant as the threat- and value-model required. I have worked a
lot with zeroizing devices. It's really No Big Deal. Smartcards are
tamper PROTECTED. A ccd retinal scanner can include cryptographic
protections onchip. C'mon, depending on "is-ness" is exactly the same
cat-and-mouse game as authentication technologies that depend on
"have-ness" and "know-ness" attributes. All have strengths and weaknesses.
At 02:55 PM 1/25/02 -0800, cryptography at summitsecurity.org wrote:
>Hi ...
>I think it's safe to say that any system can be made wothless by improper
>or inadequate implementation and that's no more or less true for biometrics
.....
>
>Biometrics cannot be used except if Alice completely and
>reliably has physical control over the device she is using to identify
>Bob. Anyone claiming otherwise is simply wrong. --Perry]
>
A PROPERLY DESIGNED system provides a level of assurance commensurate with
the value and threat models - it may indeed require a combination of
technologies, such as strong authentication of the sensor using
cryptographic techniques, and signal security for confidentiality. That is
all most certainly achievable, to essentially any desirable assurance
level, modulo some dollar amount. Anyone claiming otherwise is simply
wrong :)
<END>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list