Should You Write Down Your Passwords?

  • The physical access to our company's entire data centre will soon be controlled by a biometric system. Curious that we should be willing to trust physical access to biometrics, but not data access.

    The key difference is knowing the data might end up in the custody of the attacker... a reality in the world of portable laptops... the goal is to make the data useless to him. There isn't an equivalent risk to a physical facility that would make biometrics an automatic weak spot.

  • The physical access to our company's entire data centre will soon be controlled by a biometric system. Curious that we should be willing to trust physical access to biometrics, but not data access.

    There is no physical access barrier that can't be breached. The whole purpose of physical security is to detect and slow the intruder down. Access control is a part of physical security, and whether it's a swipe card, biometrics or even a physical security guard, they can all be breached if the intruder has the time, patience, or just brute force. Anyone who says otherwise is having a lend of themselves.

    The principles for data access control are the same as for physical security, and that is to deny access to the data for as long as possible - sometimes even to destroy the data so that it cannot be read by an intruder.

    The two go hand in hand, and effectively extend the length of time a person/company/security/police force have to catch the intruder.

  • The arguments for and against deterministic biometric fingerprint analysis, retinal scans, etc. vs immutable password hashing all sound totally ridiculous because there is no one method that is proportionally better than any of the rest. True security involves all the above! The best security involves having so many hurdles to defeat that a hacker, terrorist, spy, whatever, cannot defeat them all before being detected and apprehended. However, if we are to attempt to judge between one protocol and another, then the top two security measures are not automated. They are 1. Limited Access and 2. Personal Recognition, with possibly a third, Armed Guards. Everything else is merely a measure to keep honest people honest.

    The keyword I used in my earlier post was "cost-effective"! A cheap "reliable" fingerprint scanner on a laptop may or may not be a "cost-effective" solution to the security of the data contained therein. A cheap "reliable" fingerprint scanner or card reader with encrypted data, and requiring an additional password would be a better solution. But still is it "cost-effective"? That all depends on the relative worth of what you are trying to protect. Relative worth, itself, would differ radically from one person or agency to another. Also, one has to consider "ease of use". The most secure system in the world is totally worthless, if it cannot be easily accessed and information shared between all those who have a valid "need-to-know."

    Even the most secure military systems can be broken and are from time to time. However, the vast majority of all security compromises (military or corporate) are not perpetrated by outsiders breaking in, but are done by trusted persons with a "need-to-know". Occasionally, compromises occur due to oversights in the policy used to protect the secure information.

    This last breach of military secrets by an admin clerk in Afghanistan was more a failure of the DoD security procedures than an outright theft of "classified" documents as stated. If you listened closely to all the news reports, one of the first bits of information was a statement from the DoD that the information released "was not really classified." Later on, they back-pedaled and have been saying yes, it was "classified" information. Having been part of a similar investigation years ago, I knew exactly what had happened. This clerk had sent 91,000+ "unclassified" documents to a now infamous web-site, which posted them for the world to see.

    In military jargon, "unclassified" and a more appropriate term called "FOR OFFICIAL USE ONLY" (FOUO) are synonymous, which means, no matter what, he did wrong. But I assume from that early statement that no single document was truly of a classified nature. The error in the DoD classification system that has existed since before the Civil War is that all classification designations pertain to single documents, and in all this time they have never been able to come up with a methodology for quantifying classified indices from a large store of unclassified documents. To explain: simple requests for supplies or personnel transfers, or other innocuous documents, individually have no significant classified indicators; however, by analyzing (manually or via some trend analysis software) large blocks of innocuous information, one can detect actual classified war planning information. The military knows all this, yet from a legal and official policy standpoint they have never been able to come up with a way to say 10 FOUO documents are CONFIDENTIAL, or 100 are SECRET, or 100,000 are TOP SECRET. Because of this, when this clerk goes to trial (military court martial) the legal situation will be very ticklish and should be a treat to follow, especially if this young man gets himself a good civilian lawyer. Possibly, they could just convict him of the lesser charges of theft of FOUO information and give him a day in jail per document. It would make for a really good JAG episode if it hadn't been canceled. It's no wonder they have him locked away like some Guantánamo detainee until all the press coverage has completely subsided.

    Ron K.

    "Any fool can write code that a computer can understand. Good programmers write code that humans can understand." -- Martin Fowler

  • Mike Caldwell (11/9/2010)
    Now I'm really confused. You're stating that your fingerprint product isn't suitable for security, except where the data it's protecting doesn't matter?

    It's a time clock. People punch in for work with it. The fingerprint check is so Jim doesn't punch in for Jack. For that purpose, a fingerprint check hits the spot. If a rogue nation state or a corporate competitor were to get a hold of it and rip it apart and analyze it, then yes, it's "insecure", in the sense that they'd probably be able to fake a punch for Jack into work while he sleeps hung over.

    The purpose of encryption is to protect data from disclosure; that's why it was invented. Some people carry secrets on their laptops. Some secrets are source code to their company's flagship products. Some secrets are military in nature, the plans for the next fighter jet. Sometimes data is other people's SSNs or financial or medical records subject to HIPAA etc... Some secrets are their personal cache of child porn. Using encryption implies keeping the data secret probably matters to whoever owns it. Someone who adds one-swipe fingerprint access just gave an attacker their best shot at defeating the encryption all in a single swoop; that's my point in a nutshell.

    Ah. In that case, that makes sense. Similar convenience to an RFID chip in a card, but with less recurring expense.

    You don't need to continue to lecture. It makes you look pedantic and arrogant.

    So, yes, your fingerprint product is okay only because it's not securing anything that really matters. That makes sense. Why didn't you just say so in the first place?

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

  • GSquared (11/9/2010)
    I know what deterministic means.

    So what you're saying is that you're an industry insider who knows that there's a huge security flaw in the product your company sells, and you're hoping nobody discovers it till after it's been fixed by some quantum breakthrough in the field, and we should take your word for this?

    Nothing you wrote is new or unknown, except the claim that it is completely and utterly insecure, does nothing whatsoever for system security, and the product you work on is a complete sham. Which is essentially what you are claiming. Is that correct?

    Or is the product secure and what you wrote is misleading?

    Forget all the BS arguments about supposed flaws, the use of biometric data's basic flaw is that it's completely irrevocable. Once your fingerprint/retina pattern/DNA becomes converted to data, it's game over, because you *CAN NOT* change it once it's been compromised.

    And it will be compromised sooner or later. Which means somebody else can pretend to be you *forever*.

    That's the stake driven through the heart of biometrics. Any other concern is just rearranging deck chairs on the Titanic...

  • The arguments for and against deterministic Biometric fingerprint analysis, retinal scans, etc. vs immutable password hashing all sound totally ridiculous because there is no one method that is proportionally better than any of the rest.

    But there is a method that is proportionally worse than any of the rest, and that is the fingerprint. Because... you leave your fingerprints everywhere.

    --

    JimFive

  • roger.plowman (11/10/2010)
    GSquared (11/9/2010)
    I know what deterministic means.

    So what you're saying is that you're an industry insider who knows that there's a huge security flaw in the product your company sells, and you're hoping nobody discovers it till after it's been fixed by some quantum breakthrough in the field, and we should take your word for this?

    Nothing you wrote is new or unknown, except the claim that it is completely and utterly insecure, does nothing whatsoever for system security, and the product you work on is a complete sham. Which is essentially what you are claiming. Is that correct?

    Or is the product secure and what you wrote is misleading?

    Forget all the BS arguments about supposed flaws, the use of biometric data's basic flaw is that it's completely irrevocable. Once your fingerprint/retina pattern/DNA becomes converted to data, it's game over, because you *CAN NOT* change it once it's been compromised.

    And it will be compromised sooner or later. Which means somebody else can pretend to be you *forever*.

    That's the stake driven through the heart of biometrics. Any other concern is just rearranging deck chairs on the Titanic...

    Yes. We covered that a few days ago in this. I was just wondering about some statements this guy made about how fingerprint data can't be a substitute for password data because of how it's done. This was about "how", not "why", biometrics is a problem, because of technical limitations on the way it's used.

    The other problem with biometrics is it can change without notice too. Get into an argument with a tablesaw and lose access to your bank accounts. Get into a car crash that involves an eye injury and now nobody can get into the server room you administer. Heck, a paper cut might lock you out of your laptop.

    It's a stupid "solution" for all of those reasons, and what you mentioned, plus the error rate that's already been mentioned as making it non-deterministic, and a variety of other things.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

  • Mike Caldwell wrote, in response to my post:

    The key difference is knowing the data might end up in the custody of the attacker... a reality in the world of portable laptops... the goal is to make the data useless to him. There isn't an equivalent risk to a physical facility that would make biometrics an automatic weak spot.

    But what if the goal of the attacker is 'to make the data useless' to others? Biometrics then becomes a weak spot, and an entire data centre potentially becomes prey.

  • Back to the topic of passwords... first of all I think the question of passwords comes down to two key areas, who are we trying to secure a login against, and how critical is it that the data accessible within that login is kept secure.

    In the current era of high connectivity, internet services, cloud computing etc., for most people the most critical thing to protect is their online identities within a multitude of different services and websites, all of which are more likely to be compromised by some unknown person somewhere else in the world than by someone with access to the person's individual computer. Hell, if local compromise was a major issue for most people, why don't the home variants of Windows give an option to require a password to log in to them?

    I'm very much in favour of people writing down passwords if it means they maintain separate logins to each website / service they use, and use good passwords in each of them. For simple and less important sites, e.g. Facebook, MySpace, forums etc., just make a note in a notepad somewhere. For slightly more critical passwords, computer logins etc., then I'd go with the suggestion I first saw from Bruce Schneier a few years back, of writing the password (without username and context) on a bit of paper and putting that in your wallet, with the reasoning that 1) without the other details it's not obvious what it is for, and 2) people tend to protect their wallets more than anything else, including their phones.

    Ideally I agree that using long pass phrases would be a great idea, but the only problem I can see with it is the number of places which annoyingly put what I consider short limits on the number of characters allowed. Hell, I believe even Visa's secure code (or it might be Mastercard) only allows something like 8 characters.

    Obviously with all this the crux comes with how critical the data is. I wouldn't keep my online banking details in a notepad on my desk; I wouldn't keep the domain admin password on a bit of paper in my wallet. Like so many things there's no one right answer, but at least if people had more variety with their less important logins, and an easier time of remembering them, being more rigorous with the critical ones would be less of a chore.

    For those of us with access to very important passwords the solutions may not be as easy, but then we should and hopefully do know better, and know how to manage it. It's the normal users out there who have the real issues.

  • I use the method of using the 1st line of an address.

    It contains letters and numbers and can easily have a symbol added to the end.

    Then my list contains a clue as to which address

    i.e. SiL address !

    No one else is going to know the addresses for members of my family (or people I come in contact with).

  • I am not opposed to writing down a password so long as it is stored in a protected location. Store your passwords in an encrypted file and then remember the strong password for that location.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • No one else is going to know the addresses for members of my family (or people I come in contact with).

    Except, of course, members of your family.

    --

    JimFive
