http://www.newsfactor.com/perl/story/18052.html By Jay Lyman NewsFactor Network June 4, 2002 Biometrics have long been the basis of the ultimate security technologies in science fiction -- but can these safeguards, which rely on fingerprints, eyeballs and other personal traits to authenticate users, really secure the enterprise? Recent reports of simple ways to circumvent biometric security systems -- such as the "gummy finger" tactic, which involves a homemade gelatin mold on which a fingerprint is imprinted -- have been embarrassing for the biometrics industry. However, analysts said such breaches will force vendors to improve their technology, which often is used to restrict access to companies' most valuable data. Analysts also stressed the need for layers of security, noting that no security measure can be effective on its own. Indeed, biometric security vendors typically market their products as part of a mix. According to experts, when combined with other security measures, biometrics can pave the way for adoption of safeguards that often are resisted by corporations. Best When Mixed Yankee Group senior analyst Anil Phull told NewsFactor that the best practice for companies using biometric devices is to deploy them with other identification factors, such as passwords, PINs (personal identification number) or other security "tokens." "Any organization that solely relies on a product vulnerable [to] this sort of 'gummy finger' attack will be more at risk if they do not have a second [means of security]," Phull said. However, Phull noted, most vendors sell their biometric security products as part of an overall solution with appropriate security procedures and guidance. Feel and Sound of Security In response to a number of fingerprint-spoofing tactics, including the "gummy finger," SecuGen recently released an optical fingerprint sensor that includes monitoring to detect the sensor's environment. SecuGen CEO Bob Kyle told NewsFactor that the device has not yet been defeated, describing his company's technology as a sensor of a sensor. New technologies that use face or even voice recognition also are being developed or released. For example, Israel-based SentryCom claims that its MobilVoice product allows secure access to the Web from any computer, PDA (personal digital assistant) or other device using voice authentication. Thumb Tab Biometrics also is increasingly showing up in the consumer arena. Once signed up with such a system, consumers can purchase goods and services with the flash of a fingerprint. While such systems are in use for customers at a number of national store chains, retailers and other businesses, some of these systems reportedly can be breached quite easily -- for example, by breathing on a sensor to pick up a latent print or by molding a fake finger to place on the sensor. Enrollment Aide Phull noted that countermeasures that thwart biometrics will continue to proliferate, but he said many biometric-based security tools can serve as easy ways to enroll workers in a larger security system. Despite their weaknesses, Phull added, biometric systems will remain widespread, with enterprises using these often-expensive security technologies for the most sensitive access and information. "The gummy finger is pretty embarrassing, but on the good side, it gets everybody to improve their technology and raise the bar," Phull said. SecuGen CEO Kyle told NewsFactor that his company's technology, which is used by governments, financial institutions, airports and pharmaceutical companies, is a flexible, convenient and accurate type of security. "It's important in a higher level of security to combine different security measures," Kyle said. "The higher the security level, the more you want to add to the mix." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Jun 05 2002 - 04:02:20 PDT