“PIN and password indicates what you know and what you possess,” he said. “They do not tell you who you are and what you are. Who is presenting the tokens? That’s the fundamental problem.”
Hu suggested that biometrics such as fingerprint, face and iris patterns could improve identity detection, especially when used in conjunction with smartcards.
Research groups at ADFA were developing “fuzzy vaults” and “fuzzy extractors” to extract biometric information for use in encryption, he said.
Although attackers have fooled biometric scanners with photos of fingerprint, face or iris patterns in the past, Hu said “multi-modal biometrics” improved reliability by requiring multiple biometric identifiers.
“Liveliness detection” techniques could also determine if patterns belonged to a living person by using two LEDs with peak emissions at 530 and 640nm to detect certain characteristics of live fingers, he said.
Monday, March 26, 2012
Biometrics and Firewalls
Defense researcher recommends biometric and intrusion detection techniques (ITNews)