[Dave Birch] Jerry Fishenden pointed me to this extract from Mythbusters.  My kids love Mythbusters, which is a show on the Discovery Channel where a couple of guys set up experiments to test "myths" like: would a penny dropped from a skyscraper kill someone?  I like the show because they design and build the experiments themselves: they don’t take anyone’s word for anything.  I wonder if they’ll be showing Episode 59 at Biometrics 2006?

Technorati Tags:

Fingerprint authentication in at a door is attractive because of convenience, not security (remember the case of the Scottish jail that had to turn off it’s new fingerprint access control system because prisoners could fool it at will).  But so far as customer convenience is concerned, there is a significant limitation on such biometrics.  It is one thing to use your fingerprint in a bank branch or social security office — where the device is under supervision and might reasonably be assumed to have not been tampered with — and quite another to use your fingerprint at a device in an insecure location (eg, a petrol station), a device that may have been subverted by criminals trying to capture fingerprints.  Using your fingerprint at home is a non-starter for the time being.  Apart from the issue of coercion, the fact is that PCs are very insecure and there is no possibility of trusting them or anything connected to them.  If a fingerprint reader attached to my PC tells the bank that my finger is on it, how does the bank know whether that is true or whether the reader has been tampered with? It may be replaying my fingerprint when actually a criminal is logging in.

One factor authentication in these circumstances is a bad idea, whether the one factor is a fingerprint or a password.  Two factor authentication, especially two factor authentication where one of the factors is tamper-resistant hardware (eg, a smart card) and the other factor is a convenient biometric (eg, a voice print) might be an optimal combination.

3 comments

  1. They worked out the terminal velocity of the penny then builta machine to fire a penny at exactly that speed. They fired it into gel first, then fired it at one of them.

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: