security

government, privacy, security

Security or Privacy? Yes, please.

Security vs. privacy (Homeland Security Newswire)

Those who ask you to choose security or privacy and those who vote on security or privacy are making false choices. That’s like asking air or water? You need both to live.

Maslow placed safety (of which security is a subset) as second only to food, water, sex, and sleep. As humans we crave safety. As individuals and societies, before we answer the question “security or privacy,” we first have to ask “security from whom or what?” and “privacy from whom and for whom?”

Brazil, development, ID management, India, security

Brazil and India are leading the way to biometric forms of identity verification

SINGULARITY HUB The Brazilian bank Bradesco recently began using a palm vein biometric system called Palm of Your Hand to provide secure log-in on its ATM machines. Clients who choose to use traditional personal identification numbers can continue to do so, but those who go with the new system can forego PINs while simultaneously satisfying the national social security program’s requirement of “proof of life” in order to collect benefits.

In India, the national government is rolling out the largest biometric identification database to date, requiring all of its billion-plus citizens to register in hopes of reducing benefits fraud.

security, technology

But do sophisticated biometric devices really offer a higher level of protection than traditional security methods?

Though biometrics are becoming commonplace, the debate rages over whether they’re effective (IT Security) but… “If one acknowledges and accommodates their limitations, biometric devices can serve as high-quality protection tools for a wide array of systems, applications and services.”

There’s also a short-and-sweet discussion of the “big three” modalities at the link.

passwords, proportionality, security

Interesting usability research out of the University of Washington

Read the whole thing; it’s good. My little quibbles after the quote are meant to reinforce the general point of the research which is “if people won’t use it, it won’t work (and vice versa).” The importance of research is the attempt to identify and quantify, and therefore perhaps predict, how much people will endure before they throw their hands up in the air and quit on the technology.

Technology to Replace Passwords Fails User Tests (PsychCentral)

University of Washington engineers are trying to figure out why fingerprint- and eye- and face-recognition authentication technology have not gone mainstream. They found in a recent study that the user’s experience could be key to creating a system that doesn’t rely on passwords.

“How humans interact with biometric devices is critically important for their future success,” said lead researcher Cecilia Aragon, Ph.D., a UW associate professor of human-centered design and engineering.

“This is the beginning of looking at biometric authentication as a socio-technical system, where not only does it require that it be efficient and accurate, but also something that people trust, accept and don’t get frustrated with.”

So true, but hardly new. Security is, and always has been, a socio-technical system. We’ve all seen a waste basket used to keep a self-locking door propped open. If the security measure is disproportionate to the cost of a security breach, people will reject the system. Thoughtful security planners have always known this and it’s why one of our mantras around here is “biometrics is about people.”

Passwords are also likely to be around for a long, long time, but if biometrics could displace passwords in certain cases and allow for simpler passwords in other cases, that’s a big advance. Where simple passwords (PIN’s) are sufficient today, biometrics should be able to displace them altogether. Where increasingly complex passwords are required today, applying biometrics should allow for simpler passwords such as 4-digit PIN’s.

That’s nothing to sneeze at.

access control, ID management, industry, infrastructure, IT, security, UK

The changing face of security and access control

Gary Hills, Head of capital development at the British Broadcasting Corp. (BBC) had some interesting things to say at the recent FMP London event. [ed. I’m pretty sure FMP stands for Facility Management Professional, but I was shocked to see how popular the acronym is.]

The BBC is considering using biometric access controls at its buildings. (FM World)

Hills said the first phase of the BBC’s review had seen 15 control rooms consolidated into one.

He added: “Access ID is used – not biometrics yet, but [we are] looking at it for the second phase. [We] think it will be more acceptable now as they have it in schools and colleges.

“Security is now more a building management role and the information that comes through the control room can be used more widely for building management.”

Adam Vrankulj at Biometric Update ties the story back to recent industry forecasts for the access control market.

I predict some real upheaval in the market for security systems and access control. So far, large security providers have been able to keep their market walled off from competition from the providers of other types of networked information technology. If increasing numbers of facilities management professionals see the world as Gary Hills does, those days are numbered.

hardware, Information Security, mobile, security

Industry report: mobile malware on the rise

In a departure from our normal biometrics fare, NQ Mobile has a new report [pdf] showing that mobile devices are increasingly being targeted by, and succumbing to, malware developers.

The linked pdf also has a list of the top five most infected markets.

NQ Mobile offers their mobile security suite in both free and premium versions.

Despite warnings that too few people protect access to their mobile device with a PIN, doing so does not prevent authorized users from being tricked into downloading malware. See: The Con is Mightier than the Hack

That means mobile security services are going to be an important factor in keeping the purple bar at the far right of the picture as short as possible.

access control, ID management, IT, logical, network, security

Networked IT ID management in the real world

Passwords are the weak link in IT security (Computerworld)

Password security is the common cold of our technological age, a persistent problem that we can’t seem to solve. The technologies that promised to reduce our dependence on passwords — biometrics, smart cards, key fobs, tokens — have all thus far fallen short in terms of cost, reliability or other attributes. And yet, as ongoing news reports about password breaches show, password management is now more important than ever.

All of which makes password management a nightmare for IT shops. “IT faces competing interests,” says Forrester analyst Eve Maler. “They want to be compliant and secure, but they also want to be fast and expedient when it comes to synchronizing user accounts.”

Is there a way out of this scenario? The answer, surprisingly, may be yes.

It goes on from there to cover several different solutions, including biometrics.

access control, security, soccer, stadium

Biometric system keeps excluded man from attending Boca Juniors-River Plate game

Argentina’s derby of derbies ends all-square (The Star – Malaysia) 

Meanwhile, security measures appeared to have worked efficiently after a renowned figure among Boca’s ‘barra brava’ or hooligan fringe was picked up by biometric identification system and was refused entry to the venue.

Mauro Martin tried to get into the game but Interior Minister Florencio Randazzo said he had been caught in the net and was prevented from attending after his fingerprints were checked.

During the summer, Martin required hospital treatment for a gunshot wound suffered in a confrontation between rival Boca hardcore followers.

Here’s the scene yesterday at the ‘Bombonera’ in Buenos Aires. It’s obviously an incredible atmosphere.

Notice that the players seem to be deposited into the center of the field via a long protective tube.

air travel, security

Bureaucratic challenges to faster airport checks

Speeding up airport security checks depends upon airlines ability to work together and with the TSA.

TSA Limited By Airlines In Trying To Speed Airport Checks (Manila Bulletin)

TSA has relied on airlines to nominate PreCheck candidates from among their best customers. Because not all airlines participate, and some consider frequent-flier information secret, a passenger qualifying under one airline can’t use PreCheck if flying another carrier. Agency officials said they don’t have the technical capability now to create a clearinghouse that might resolve the roadblock.

access control, forecast, market, security

Biometrics a key part of growing market for Electronic Security Systems

Growing Security Concerns and Demand from Developing Markets Drives the Electronic Security Systems Market, According to New Report by Global Industry Analysts, Inc. (Press Release via Yahoo & PRWeb)

Another noteworthy trend is the shift in preferences towards integrated electronic access control systems & advanced network systems. Given their ability to enable the integration of existing access control systems with other security services, IP based open-architecture systems will witness increased demand in the next few years, thereby adding to the revenue stream. Access control systems that offer remote access via web browsers or virtual private networks (VPNs) are turning out to be highly popular among businesses organizations, especially SMBs, thereby driving access control system installations. Biometric technologies such as voice and face identification solutions, iris scanners, hand geometry systems, and fingerprint scanners also offer bright prospects for the biometric access control market. Poised to gain are biometric physical access systems, which seamlessly combine with time & attendance, payroll and other human resource application systems.

The global market for Electronic Security Systems (ESS) is projected to reach US$62.5 billion by 2018.

The paragraph quoted above certainly matches what we’ve been seeing in the market lately.

Carnegie Mellon, mobile, security, voice

Making voice biometrics more secure

Carnegie Mellon Voice Verification Technology Prevents Impersonators From Obtaining Voiceprints (India Education Diary)

Computer users have learned to preserve their privacy by safeguarding passwords, but with the rise of voice authentication systems, they also need to protect unique voice characteristics. Researchers at Carnegie Mellon University’s Language Technologies Institute (LTI) say that is possible with a system they developed that converts a user’s voiceprint into something akin to passwords.

The system would enable people to register or check in on a voice authentication system, without their actual voice ever leaving their smartphone. This reduces the risk that a fraudster will obtain the person’s voice biometric data, which could subsequently be used to access bank, health care or other personal accounts.

forecast, industry, security

US Security Industry Analyst Report

Security Products to 2016: US demand to rise 7.3% annually through 2016 (Press Release – SBWire)

This study analyzes the US security products industry. It presents historical demand data for the years 2001, 2006 and 2011, and forecasts for 2016 and 2021 by product (e.g., access controls, alarms, closed-circuit television, contraband detection, electronic article surveillance, automotive) and market (e.g., government and institutional, trade and distribution, industrial, air transport, financial institutions). The study also considers market environment factors, details industry structure, evaluates company market share and profiles industry players.