An eye for an aye

Australia is keeping pace with governments around the world with its use of biometric technology. But as Simon Sharwood discovers, we are currently operating in a policy vacuum with technology that is far from perfect.

		Contents Why biometric security? When to use biometrics? Interest and policy Sidebar: Loose lips sink ships?

Why do hackers want to know your kids' names? Ask one and they'll tell you it's the quickest route to guessing an office worker's password, with pets, boats, and the street where you live following not too far behind.

"White" hackers -- security consultants paid to test an organisation's security by trying to break it -- have similar tactics. Some walk into the offices they are investigating wearing a boiler suit with "ACME computer removals" emblazoned across them. Few co-workers raise an eyebrow and their activities attract little or no attention, even though they literally carry PCs out of the building. The ease with which it is possible to accomplish such feats highlights the fragility of authentication tools based on simple safeguards such as passwords or ID cards.

Even more sophisticated solutions like proximity cards or magstripe cards used at many public sector installations are failing, according to John Genner, CEO of biometrics specialist BQT Solutions.

"Proximity and magstripe readers do not provide the security that is needed," Genner says. "These technologies have no encryption on the radio frequency link, no security, no purse, no biometric capability, no encrypted output; [and] no personal details can be embedded on the cards. Finally, data can be easily captured by a portable device, an emulator that behaves like a proximity card with a database of numbers stored in the emulator."

In the government sector, that spells trouble. Banks may guard our money and corporations may be charged with safeguarding our privacy, but in the public sector these requirements are more urgent because of the need to avoid the political fallout that comes with failure.

For the many government agencies with homeland security roles, the stakes are even higher as they maintain secret documents or operate facilities that must not be seen or accessed by unauthorised personnel.

• Related stories

• Alerts

Sign up for an e-mail alert

ZDNet Australia Alerts is an e-mail alert service which provides personalised news, features and reviews to readers’ inbox on an hourly, daily and weekly basis.

Alert:

E-mail: *

Frequency: *

Hourly Daily Weekly

Add alert

Be the first to comment on this article!

Add your opinion

All fields are required

Subject:
Comments:
Full name:
E-mail address:

Your e-mail will not be displayed

Posting options:

Display all details Do not display details

Security Code:

You must read and type the 6 chars within 0..9 and A..F

 

Login

E-mail Password (forgot?)

Login Remember

Sign up and win a iPhone3GS!

Reader Services

Popular Topics

Essentials