Endpoint Protector Appliance: Stop data theft on Windows and Mac

Air France tries out biometric boarding cards

March 30th, 2009 by Agent Smith (0) Data Encryption,In The Spotlight

Biometric security is on the rise, as new possibilities to use it come into shape, from entrance access and USB card security to the lastest trick: biometric boarding cards, a new usage thought up by Air France. What are they testing? RFID-equipped smartcards which store passenger fingerprints to allow automated boarding, according to the Register.

How does the card do the trick? It is said to contain an encrypted version of forefinger and thumb prints for each passenger. It would be used dedicated gate, which checks the card, compares it to the passenger’s finger or thumb print and if it matches, it opens the gate. No clerk, no time wasted, all simple and easy.

This little baby can be re-used up to 500 times. It also has a barcode inserted into it, containing all the information a traditional paper boarding pass. Said passenger can check in online, insert their card into a dedicated machine withing the airport, get the flight info and seat number printed onto the card. According to Air France, getting such a card takes only a couple of minutes.The also claim once the information is transmitted to the card, it isn’t stored elsewhere, so your data is safe.

If you’re as impressed as I am and want a similar gadget, you have until the end of the year to become and AF frequent flier to be eligible for one. For a first hand experience, you’ll have to fly between Paris and Amsterdam. I think I’ll wait until they extend the program though!

Laptop Facial Recognition Takes Hard Blow

Facial recognition is one of the very well known methods employed by biometric security systems. It’s used in different complicated security systems, but also on more day-to-day devices, such as laptops.

A group of white hat security researchers have recently managed to bypass the facial recognition systems employed by several laptops. According to the Register, the laptops that have had their biometric security breached are developed by Lenovo, Asus and Toshiba. The researchers’ team includes and they have also detailed their findings in a presentation called Your Face is NOT your Password during the Blackhat security conference in Washington.

You might wonder if it was hard to breach the facial recognition systems. The team responsible for this breaches used images of laptop owners or photoshopped images:

Nguyen and his team created a large number of images to run what they described a “fake face bruteforce” attack to fool the systems, which in fairness are still in their infancy, into allowing a log-on. The approach can be compared to trying out a huge number of possible text passwords until the right combination is stumbled upon as part of a conventional brute-force dictionary attack.

While trying to find a practical security use for biometric traits, the developers at Lenovo, Asus and Toshiba should reconsider the efficiency of their facial recognition software. We admire the fact that they lead research and implementation in the field, but we’d appreciate safer systems more :)

The Latest Trick in Biometrics: Finger Vein Authentication

February 13th, 2009 by Agent Smith (3) In the News,In The Spotlight

When I say biometrics, most people think of fingerprints, face recognition, eye scanning and other cool but rather common tricks we’ve seen in movies and run across in real life. I might add a ear scan from some Batman movie, but that’s it.

Sony has come up with a new idea, recently covered by The Register in its Hardware section. It’s a camera-based system that analyses veins in people’s fingers. This new technology also comes with it’s own name: Mofiria.

Mofiria Technology by Sony

Photo credit

How does the new biometric tech work?

Here’s the explanation given by the Register:

The user first lays one side of their index finger down on a small pad, after which a series of LEDs shine infrared light onto it. A CMOS sensor sat on the other side of the finger then picks up light scattered off of the veins inside the user’s finger.

Why is this better than other technologies in the biometrics field?

I found the answer to this question in Sony’s official press release. I’m still waiting for some comparative reviews and tests. If you happen to run across one, feel free to share it in the comment box.

Compared to the other biometric authentication techniques, vein authentication technology achieves higher accuracy on personal identification and forgery resistance because it uses the veins inside the human body. Finger vein patterns differ from person to person, each finger to finger, and it is said that they do not change over the years.

I am looking forward to an action movie depicting a breach of this new technology :)

A Critical Look at Biometrics Security

October 29th, 2008 by Agent Smith (0) endpoint security

Biometrics security systems are cool and receiving quite a lot of media exposure. They are also starting to become common place, as more devices, such as laptops, start to implement them and thus individual users gain access to these technologies. But are these security devices really effective?

ITSecurity.com has recently published and extensive article analyzing the pros and cons of different biometric measurement, such as fingerprints, iris and facial traits. While fingerprint readers can be fooled with latex copies, more secure readings, based on iris or facial recognition, are either expensive or restrictive. For example eye/iris readings leave out disabled personnel. However, fingerprind readers are common place and anyone can recognize them and understand their utility.

In the end, the most effective biometric security system seems to be based on facial readings. This metric isn’t exclusive when it comes to the people it can scan, but access is definitely restricted by costs. So what would you choose? Higher quality or a lower cost?

Builders of London Olympics Site – Biometricaly Authenticated

March 5th, 2008 by Agent Smith (0) DLP,In the News,security breach

All workers involved in building the London Olympic site for the 2010 games will go through a thorough biometric authentication process. The biometric screening will consist of a two-tier process, reports the Times, palm-print reading and face recognition. A total of 100,000 workers will have to comply with this security requirement until the completion of the Olympic site. If the system works, it might also be used for stadium ticket holders.

The biometric screening project is on the other hand already rising serious questions about the level of protection it can provide for private data:

The use of biometrics is part of a £354 million strategy to secure the 500-acre Olympic Park during its construction, which starts in June. But it has raised concerns about data protection among unions and civil liberty groups.

Alan Ritchie, general secretary of Ucatt, the main construction union, said: “We do not foresee a problem, providing the ODA [Olympic Delivery Authority] guarantee that the biometric data will not be passed on to any third parties and will be wiped once the project is complete.”

The methods employed to prevent data losses, theft or security breaches aren’t clear for now. I’d recommend a thorough analysis of what endpoint security and DLP solution will be chosen to make sure biometric data is not lost or stolen before its final deletion at the end of the project.

Is Biometric Authentication a Must for USB Sticks?

February 19th, 2008 by Agent Smith (0) DLP,endpoint security

Starting as cool give-aways, easily brandable and not taking too much space, USB sticks have developed into quite efficient means of carrying data to and from PCs. As numbers of mobile employees and freelancers numbers increase, fast and easy means of carrying information around gains more attention. And with that attention the threats of having proprietary information and private details lost and stolen increases.

As endpoint security evolves, so do protection forms, varying more and embedding the latest technology. So why would a USB stick need biometrics, if passwords and data encryption are already available? To answer that question, we first need to better define biometrics. The term covers the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. According to Wikipedia, there are two major categories used to divide biometric traits:

  • physiological – related to the shape of the body. The oldest traits, that have been used for over 100 years, are fingerprints. Other examples are face recognition, hand geometry and iris recognition.
  • behavioral – related to the behavior of a person. The first characteristic to be used and still very popular today is the signature. More modern approaches are the study of keystroke dynamics and of voice.

So, what is so special about biometrics-based authentication? It is believed to be impossible to reproduce or forge. Besides, you don’t have to worry about misplacing the encryption key or forgetting the 8 character password you cleverly invented.

That is of course an amazing idea to keep your data safe if you are not part of the group that believes stories in spy movies are true. We’ve all seen passwords of 6 alphanumeric characters broken in less than a minute, haven’t we? Or eyes being remade and fingerprints “printed” within seconds.