On 14/04/05 15:01 -0400, broyds@rogers.com wrote:
> The overall lesson I get from this is that one needs to do a true
> cost-benefit analysis of every authentication scheme. Don't just take the
> "it is more secure" mantra and apply it indiscriminately. We all agreed
> that the value of the owner's finger is greater than the value of the
> Mercedes, so a security technology that can cost the finger while
> protecting the Merc is not a valid cost-benefit trade-off. This seems
> obvious in hindsight, but it probably was not considered in creation
> of the biometric authentication device for the Mercedes.

Wasn't that supposed to be a basic requirement of the security process?
Cost of the security system vs cost of loss of asset?

> This is one problem with nearly all biometric devices. Since they depend on
> biological characteristics for providing the authenticity check, they are
> bypassed/breached by subverting those processes. But subversion of a biologic
> process can have far more catastrophic consequences than bypass of other
> processes such as binary processes.

As Paul said, we need to actually look at failure modes of
authentication systems, and the extent that an attacker will go to
breach your defenses. Traditionally, actual physical harm has been
positioned as being in the domain of the three letter agencies rather
than being in common use. But when the value of a system being secured
is relatively[1] high enough, we need to consider additional failure
modes as well.

Devdas Bhagat
[1] Relative to the gain available to the attacker in local currency. A
1000 USD laptop is much more valuable to sell in a country where the
monthly income is below 100 USD.
firewall-wizards mailing list