[Date Prev][Date
Next][Thread Prev][Thread Next][Date
Index][Thread Index]
RE: Re: HomeVision access control???
- To: ukha_d@xxxxxxx
- Subject: RE: Re: HomeVision access control???
- From: "Paul Gordon" <paul_gordon@xxxxxxx>
- Date: Thu, 29 Jan 2004 16:00:16 +0000
- Mailing-list: list ukha_d@yahoogroups.com; contact
ukha_d-owner@xxxxxxx
- Reply-to: ukha_d@xxxxxxx
>
>No I dont !!!!
>
>Sliced a chunk out of my fingertip last week opening a can of Tuna.
Ouch! - and, - you mean to say you don't have an automated, electric
tin-opener?.... - shame on you!
>
>Even if the damage to the finger hadnt been enough to stop a good read
of
>the
>fingerprint, the bandage enclosing said digit would certainly have left
me
>out
>in the cold...and today is bloody cold!
>
Hmm... well IIRC the one I pointed to does store about 25 individual
fingerprint registrations, so you could register all of your fingers, all
of
SWMBOs, and at least one whole hands' worth of Amber's... (presumably Kye
won't be needing access-authentication for a few more years yet!!)
>I actually attended quite an interesting lecture on Biometrics and one
>point
>that I noted was that things like Fingerprints and Iris Scans etc are
not a
>very good way of identifying people. They are a very good way of
CONFIRMING
>who
>someone is.
>
Hmm... I think that's a *very* subtle distinction, and to my mind,
CONFIRMING identity is the better part of authentication anyway, since I
think that any token-based system is inherently more open to security
failure... any key or token can be acquired by someone else, be it a yale
key, a swipe card or an ibutton..
The traditional answer to this is to combine it with a PIN number, which
certainly helps, but still isn't foolproof, as many people use the same PIN
number for many different services, - rather than having to try to remember
*dozens* of diferent PIN's, and some people even record their PIN numbers
in
various places (I know of at least one person who disguises PIN numbers in
their mobile phone contact book). I've seen countless cases of screens on
desks in offices with the users' password written on a post-it note stuck
to
the front!. Taking it to the extreme, I suppose one could also imagine a
situation where a "nasty person" might "persuade" you
to reveal PIN numbers
under some form of duress... (but even if that's unlikely or extreme), I
guess the scenario of someone rummaging through your bins to discover
personal information isn't quite so....
>The algorithms that deciper the fingerprint or iris scan can NEVER
achieve
>100%
>matching. What they do is identify key points within the image and
match
>those
>to a stored set of data relating to that image. They then mark a score
>against
>it and depending on the score you chose to allow or disallow access.
The
>higher
>the security required, the higher the score required to gain access
even if
>it
>means multiple attempts to get in.
>
Hmm... I only have limited experience of actually using these technologies,
- specifically with fingerprint recognition, but the experiences *I* had
were all quite positive... I was never once able to fool the
fingerprint-based logon system when I wasn't enrolled into it, and didn't
experience a single failure after I had been enrolled... but I guess that
was in ideal conditions, and of course this may vary in the real world....
>In order to get a fast enough response time you need to know who the
person
>claims to be before you start.
>
That't completely true of course, but not IMHO a problem in the application
of entry control to a private dwelling... - How many people do you give a
copy of your front door key to?... I'll wager that: a) it's a very small
number, and b) you know exactly who they are... now translate that to the
biometric control model, and it seems to me to be very simple to enrol the
required individuals into the system... again, I'll bet that most (if not
all) of they keyholders to your home have been to your house at some point,
- usually, (speaking for myself of course), when I give someone a key to my
house, they *HAVE* to visit me before they can use the key, so that I can
show them how to disarm the the alarm, how to arm it again when they leave,
where various things are, and so on...
In a domestic situation, you just don't tend to have either large numbers
of
candidates to identify, nor complete strangers to be granted access....
>
>Access tokens like iButtons, Cards and Tags can be made extra secure
>against
>fraudulant use by the addition of a PIN. The doors at work are like
that.
>some
>only require the card to be passed over the reader, others also require
a
>PIN.
>Every card has its own unique profile associated with it giving total
>control
>over access rights.
>
>Biometrics can be made more accurate by using it as a means of
Verification
>rather than Identification.
>
Absolutely... but... so long as the other method isn't token-based. - so
basically a biometric, plus a PIN number.... but what about two
biometrics.... how about fingerprint, plus facial recognition?... I'm
aspiring to achieve the aim of making it as passive and transparent as
possible for the end-user. - Entering a PIN number is too onerous a
requirement to get past SWMBO.... if a passive system like a facial
recognition could have done the IDENTIFICATION phase whilst SWMBO was
walking up the front path, so that she only had to do a quick/easy finger
scan to complete the VERIFICATION, that's got much higher WAF.... (as long
as it worked!)
Or what about blurring the line completely between biometric & token
based
systems?... I'm thinking of the Kevin Warwick scenario, where the
"token" in
inserted into the carrier... - does this then become a biometric method
since it is unque to the user's body?... (again, I'm unlikely to persuade
SWMBO that she needs to go & have a chip implanted...)
>What was quite funny at the lecture was the ease with which some
systems
>could
>be fooled. A facial recognition system took 5 attempts before it let
the
>person
>in even though we could see both the stored image and camera image on
the
>screen and they looked the same. They the fooled the system by holding
up a
>black and white photo of the person and it let the imposter in first
go!!!
>
>Keith
>
All very valid points, and a reminder that security is never quite as
straightforward as it seems.....
Obviously, all IMHO, and I'll confess up front to being a bit of a fan of
biometric authentication in principle...
Paul G.
_________________________________________________________________
Express yourself with cool new emoticons http://www.msn.co.uk/specials/myemo
UK Home Automation Meet 2004 - BOOK NOW!
http://www.ukha2004.com
http://www.automatedhome.co.uk
Post message: ukha_d@yahoogroups.com
Subscribe: ukha_d-subscribe@yahoogroups.com
Unsubscribe: ukha_d-unsubscribe@yahoogroups.com
List owner: ukha_d-owner@yahoogroups.com
Home |
Main Index |
Thread Index
|