Nytro Posted February 11, 2015 Report Posted February 11, 2015 Concerns regarding the security of biometric authenticationFebruary 2, 2015Daniel TomescuMore and more gadgets that we use these days (smart phones, smart watches, etc) try to make a personal connection with the owner via his biometric characteristics.Using biometric measures for authentication purposes is a fast growing trend in the IT world, but there are genuine security concerns regarding the maturity level of these methods and their security faults. How safe is it to use biometrics for authentication? Can they be bypassed? Let’s find out!How to find a good biometric characteristic?At this moment, we have 3 main possibilities for verifying a user’s identity: something that the user knows (like a code or a passphrase), something that the user has (a smart card or a token) or something that the user is (a biometric characteristic).For a biometric characteristic to be considered a valid authentication method, it should have the following properties:Universality, meaning that the feature must be present on all individuals;Measurability, meaning that the feature can be measured and the individuals are willing to share it for measurement purposes;High accuracy, meaning that the feature can be measured with an acceptable error rate;Uniqueness, meaning that the feature should be different for every individual;Robustness, meaning that the feature should not vary in time for the same individual;Circumvention, meaning that the feature should not be easily altered, imitated or replicated by third parties.Although the standards might seem too restrictive, there are a big number of biometric characteristics that meet the requirements above (or at least most of them) and can be used in user recognition.Articol complet: Concerns regarding the security of biometric authentication – Security Café Quote
wildchild Posted February 11, 2015 Report Posted February 11, 2015 (edited) Ar face bine s? posteze ?i aici, s?-i dau +rep. Fain articol!PS: s? scrii ?i ceva despre Palm Vein Authentication, e relativ nou conceptul îns? pare promi??tor. Edited February 11, 2015 by wildchild Quote
TheTime Posted February 11, 2015 Report Posted February 11, 2015 Am o prezentare diseara la Talks #60 pe aceeasi tema. Voi aminti si de recunoastrea venelor, dar tot nu mi se pare o metoda viabila pentru autentificare. Din cate stiu, inca nu a fost sparta si este destul de greu sa imiti structura venelor dintr-un deget sau o mana.Totusi, tehnologia este noua si ma astept sa apara ceva probleme. Mai sunt si senzorii destul de scumpi, comparativ cu un token ce genereaza "one time passwords", deci nu va fi adoptata la scara larga prea curand. Totusi, are timp sa se dezvolte. 1 Quote
