Last night I went to a gathering hosted by Minnesota Security Professionals who were hosting a night talking about biometrics. I will share what I learned.
Security is interesting but I do not have a lot of experience and I have nothing on these guys. That said, they were an amazing group. I walked in and this behemoth shook my hand, introduced himself, told me a bit about the group and told me where I could order drinks. This man could probably tear me limb from limb then stuff me into a hand-murdered bear.
I sat at a table with another person who was there for the first time. She actually worked as a network security professional so her interests were more professional but her and I talked a bit about security as a concept rather than protocols. Also at the table was the presenter of that evening's talk, who was also eager to chat up a new guy.
Going into the gathering I had no idea what to expect. I wasn't sure if these were going to be security dogs and bouncers. Maybe a bunch of cypher-punks. Perhaps even a group of malicious neckbeards meeting under an ambiguous name to avoid suspicion while wearing tinfoil hats. Nope, these were people on the smart edge of technology meeting to hear stories, network, hang out, get the scoop, and have a beer. Some people even got work credit for attending.
Biometrics is identifying people by traits unique to them. Recognizing your friend by the way he walks or answers the phone is employing biometrics. Cool. Recognizing someone's face, biometrics.
There are two types, physical, "What you are," and behavioral, "What you do."
Physical biometrics touched on during the lecture. Pun intended.
Behavioral biometrics covered in the lecture.
Iris patterns were the most impressive bit covered by the speaker. Iris patterns can be quickly matched, taken with an IR camera, and much of India is working toward a universal identification system where iris scanning is commonplace. If iris scanning were standard at my bank I would feel a bit better.
The last part I wanted to talk about was the templates used by biometric security. When a fingerprint is sent to the FBI for identification they don't compare the image to a bunch of other images. The process is to extract the important vectors from the image and match those vectors to the vectors of other templates. Someone made the comparison of taking a hash from the image which the speaker said is not entirely accurate but I think it makes the point. He also stressed that the original cannot be duplicated from a template so if someone steals all the fingerprint templates they can't recreate anything.
Enough background.
----------
Minnesota Security Professionals had a meeting which I attended since the topic was biometrics. The purpose was to learn about different methods of identifying a person to a computer. Purely digital methods, such as RFID, and passwords, are in use while fingerprints and iris scanning are feasibly and economical. Other modalities were covered as well as their advantages and flaws.
During personal conversation with another attendee over using NFC as a method of vehicle entry she mentioned the approach to security should make the system slightly stronger than the desire to break it. NFC car entry to a fifteen year old car is logical.
Security is interesting but I do not have a lot of experience and I have nothing on these guys. That said, they were an amazing group. I walked in and this behemoth shook my hand, introduced himself, told me a bit about the group and told me where I could order drinks. This man could probably tear me limb from limb then stuff me into a hand-murdered bear.
I sat at a table with another person who was there for the first time. She actually worked as a network security professional so her interests were more professional but her and I talked a bit about security as a concept rather than protocols. Also at the table was the presenter of that evening's talk, who was also eager to chat up a new guy.
Going into the gathering I had no idea what to expect. I wasn't sure if these were going to be security dogs and bouncers. Maybe a bunch of cypher-punks. Perhaps even a group of malicious neckbeards meeting under an ambiguous name to avoid suspicion while wearing tinfoil hats. Nope, these were people on the smart edge of technology meeting to hear stories, network, hang out, get the scoop, and have a beer. Some people even got work credit for attending.
Biometrics is identifying people by traits unique to them. Recognizing your friend by the way he walks or answers the phone is employing biometrics. Cool. Recognizing someone's face, biometrics.
There are two types, physical, "What you are," and behavioral, "What you do."
Physical biometrics touched on during the lecture. Pun intended.
- Fingerprints
- Palm prints
- Iris pattern
- Retina pattern
- Vascular pattern.
- DNA sequence
- Ear geometry
- Hand geometry
- Brain waves
- Thermography
- Cardiac pattern
- Odor
- Skin texture
Behavioral biometrics covered in the lecture.
- Gait, walking pattern
- Voice
- Keystroke style
- Signature
Iris patterns were the most impressive bit covered by the speaker. Iris patterns can be quickly matched, taken with an IR camera, and much of India is working toward a universal identification system where iris scanning is commonplace. If iris scanning were standard at my bank I would feel a bit better.
The last part I wanted to talk about was the templates used by biometric security. When a fingerprint is sent to the FBI for identification they don't compare the image to a bunch of other images. The process is to extract the important vectors from the image and match those vectors to the vectors of other templates. Someone made the comparison of taking a hash from the image which the speaker said is not entirely accurate but I think it makes the point. He also stressed that the original cannot be duplicated from a template so if someone steals all the fingerprint templates they can't recreate anything.
Enough background.
----------
Minnesota Security Professionals had a meeting which I attended since the topic was biometrics. The purpose was to learn about different methods of identifying a person to a computer. Purely digital methods, such as RFID, and passwords, are in use while fingerprints and iris scanning are feasibly and economical. Other modalities were covered as well as their advantages and flaws.
During personal conversation with another attendee over using NFC as a method of vehicle entry she mentioned the approach to security should make the system slightly stronger than the desire to break it. NFC car entry to a fifteen year old car is logical.
Notes page 1
Notes page 2
Notes page 3
Journal page
A list showing of all the final posts of COMPLETED projects.
Disclaimer for http://24hourengineer.blogspot.com/
This disclaimer must be intact and whole. This disclaimer must be included if a project is distributed.
All
information in this blog, or linked by this blog, are not to be taken
as advice or solicitation. Anyone attempting to replicate, in whole or
in part, is responsible for the outcome and procedure. Any loss of
functionality, money, property or similar, is the responsibility of
those involved in the replication.
All digital communication regarding the email address 24hourengineer@gmail.com becomes
the intellectual property of Brian McEvoy. Any information contained
within these messages may be distributed or retained at the discretion
of Brian McEvoy. Any email sent to this address, or any email account
owned by Brian McEvoy, cannot be used to claim property or assets.
Comments
to the blog may be utilized or erased at the discretion of the owner.
No one posting may claim claim property or assets based on their post.
This blog, including pictures and text, is copyright to Brian McEvoy.
Comments
Post a Comment