[unisog] Biometrics for Active Directory Authentication
mike.wiseman at utoronto.ca
Thu Dec 15 13:54:42 GMT 2005
> Keep in mind they're not that hard to fool:
> I suspect a token-based system, e.g., SecurID, would be far more
> difficult to defeat, but don't recall seeing any solid, objective
> research on that.

Interesting article. But I don't think that a fingerprint sensor is 'easy' to defeat -
making fingerprint models of an unsuspecting user would require a lot of effort. If one is
willing to go this far, stealing a hardware token and capturing a PIN using a keylogger
sounds simpler to me.

I evaluated the Sony Puppy USB fingerprint sensor (model 810) a while back and was
impressed by it. It uses electrical capacitance sensing so perhaps this would distinguish
between a real and fake finger. It also contains a cryptographic chip to do on-board
functions - so it could be used with an x509 cert which, in itself, provides a high level
of authentication assurance and can be used without a server component. They're too
expensive ($200) for my application though.

Computing and Networking Services
University of Toronto