[ISN] REVIEW: "Biometrics for Network Security", Paul Reid

InfoSec News isn at c4i.org
Tue Oct 5 07:30:26 EDT 2004

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade at sprint.ca>

BKBIOMNS.RVW   20040527

"Biometrics for Network Security", Paul Reid, 2004, 0-13-101549-4,
%A   Paul Reid
%C   One Lake St., Upper Saddle River, NJ   07458
%D   2004
%G   0-13-101549-4
%I   Prentice Hall
%O   U$44.99/C$67.99 +1-201-236-7139 fax: +1-201-236-7131
%O  http://www.amazon.com/exec/obidos/ASIN/0131015494/robsladesinterne
%O   http://www.amazon.ca/exec/obidos/ASIN/0131015494/robsladesin03-20
%P   252 p.
%T   "Biometrics for Network Security"

In the preface, Reid presents biometrics as the cure for all network
security ills.  Given his employment, with a company that sells
biometric systems, this enthusiasm is understandable, if not totally

Part one deals with introduction and background.  Chapter one is the
introduction--mostly to the book.  The definition of biometrics itself
is very terse.  Authentication technologies are promised in chapter
two--which starts out by repeating the all-too-common error of
confusing authentication with identification.  Reid then pooh-poohs
passwords and tokens and praises biometrics as strong authentication,
without dealing with the fact that a biometric is the ultimate static
password, or addressing the technologies (and associated error rates)
needed to make biometrics a viable authentication factor.  Privacy is
confused with intellectual property, access control, and improper
employee monitoring in chapter three.

Part two lists biometric technologies.  Chapter four is a disorganized
amalgam of factors generally involved in biometric use and
applications.  Fingerprint features are reviewed in chapter five with
incomprehensible explanations and unclear illustrations.  Attacks
against fingerprint technologies and systems are raised--but are
usually dismissed in a fairly cavalier manner.  Similar examinations
are made of face (chapter six), voice (seven), and iris (eight)

Part three looks at implementing the technologies for network
applications.  Chapter nine compares the four biometrics from part
two, in general terms, and states measures that are rather at odds
with other biometric literature.  Reid makes a big deal out of simple
error rate metrics in chapter ten.  Most of chapter eleven talks about
hardening biometric devices and hardware.  Unconvincing fictional
"straw man" case studies and some general project planning topics are
in chapter twelve, with more of the same in thirteen and fourteen.

Part five, which is only chapter fifteen, casts a rosy-spectacled look
at the future when all of security will be made perfect through the
use of biometrics--essentially returning us to the preface.

Basically, this appears to be a promotional pamphlet padded out to
book length: it isn't even as good as Richards' article in the
"Information Security Management Handbook" (cf. BKINSCMH.RVW).  The
material will not help you with a realistic assessment of what
biometrics can (and cannot) do, or how to implement it.  The
"Biometrics" text by Woodward, Orlans and Higgins (cf. BKBIOMTC.RVW)
is far superior.

copyright Robert M. Slade, 2004   BKBIOMNS.RVW   20040527

======================  (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca      slade at victoria.tc.ca      rslade at sun.soci.niu.edu
Programming today is a race between software engineers striving
to build bigger and better idiot-proof programs, and the Universe
trying to produce bigger and better idiots. So far, the Universe
is winning.                                              - Rich Cook
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade

More information about the ISN mailing list