Comments on: What do the Cold Boot Crypto Attack, DVD Players, and MiFare tell us about the Future of Biometrics? http://artofinfosec.com/48/what-do-the-cold-boot-crypto-attack-dvd-players-and-mifare-tell-us-about-the-future-of-biometrics/ Random Insights on Protecting Data, Privacy, and Digital Infrastructure Fri, 21 Nov 2008 18:58:45 +0000 http://wordpress.org/?v=2.6.3 By: robert http://artofinfosec.com/48/what-do-the-cold-boot-crypto-attack-dvd-players-and-mifare-tell-us-about-the-future-of-biometrics/#comment-25 robert Wed, 26 Mar 2008 23:09:44 +0000 http://artofinfosec.com/48/what-do-the-cold-boot-crypto-attack-dvd-players-and-mifare-tell-us-about-the-future-of-biometrics/#comment-25 The latter point being raised is critically important, because all these systems will be compromised and fail. The system then just gets "improved", with the new biometric or technology being sold as the silver bullet, until it too is then also compromised. This cycle continues until we are at a point where every identity document must use multiple biometrics with multiple RFID. This may make Digimarc and the companies making the devices happy, but will not improve security for more than the very short run. Systems must be devised where identification is only one part of a secure system, with the acknowledgement that it is not a 100% secure document that can never be compromised. Even implantable identification can be compromised. Identification can only go so far as a stand alone effort to help with security, and efforts to go past a reasonable level of identification are coutnerproductive in the long run. There will never be "tamper proof" identification. The latter point being raised is critically important, because all these systems will be compromised and fail. The system then just gets “improved”, with the new biometric or technology being sold as the silver bullet, until it too is then also compromised. This cycle continues until we are at a point where every identity document must use multiple biometrics with multiple RFID. This may make Digimarc and the companies making the devices happy, but will not improve security for more than the very short run. Systems must be devised where identification is only one part of a secure system, with the acknowledgement that it is not a 100% secure document that can never be compromised. Even implantable identification can be compromised. Identification can only go so far as a stand alone effort to help with security, and efforts to go past a reasonable level of identification are coutnerproductive in the long run. There will never be “tamper proof” identification.

]]> By: Allen Taylor http://artofinfosec.com/48/what-do-the-cold-boot-crypto-attack-dvd-players-and-mifare-tell-us-about-the-future-of-biometrics/#comment-20 Allen Taylor Wed, 26 Mar 2008 01:00:32 +0000 http://artofinfosec.com/48/what-do-the-cold-boot-crypto-attack-dvd-players-and-mifare-tell-us-about-the-future-of-biometrics/#comment-20 Nice writing. You are on my RSS reader now so I can read more from you down the road. Allen Taylor Nice writing. You are on my RSS reader now so I can read more from you down the road.

Allen Taylor

]]>