Review of Friday & Monday Sessions
Dr. Charles C. Tappert
Seidenberg School of CSIS, Pace University
http://csis.pace.edu/~ctappert/
2015 GenCyber Cybersecurity Workshop

What is Biometrics?
- The science of identifying, or verifying the identity of, a person based on physiological or behavioral characteristics/traits
- Physical traits: Fingerprint, Face, Iris
- Behavioral traits: Signature/handwriting, Voice, Keyboard and mouse input
- Websites and videos
  - http://www.biometrics.gov/
  - Biometric Security

Technologies Used in Biometrics
- Pattern Recognition (PhD Course, JPR)
- Machine Learning
- Artificial Intelligence
- Data Mining
  - Beer and Diapers
  - Target Figured Out A Teen Girl Was Pregnant Before Her Father Did

Pattern Recognition
- What is pattern recognition?
  - The act of taking in raw data and taking an action based on the “category” of the pattern
- We gain an understanding and appreciation for pattern recognition in the real world – visual scenes, noises, etc.
- Human senses: sight, hearing, taste, smell, touch
- Recognition not an exact match like a password

Pattern Recognition
An Introductory Example (from Pattern Classification by Duda, et al.)
- Sorting incoming Fish on a conveyor according to species using optical sensing
- Species: Sea bass, Salmon

Pattern Recognition
Post Processing – for example, OCR
- The following sentence has many spelling errors. Right click on a word to get suggested correct spelling choices.
  We cant allign teh wonds corektly in htis sentance.
- On right clicking, most of the correct spellings of the words are listed as first choice.
- Now, type the sentence above with the spelling errors into Microsoft Word. Many of the misspelled words are almost instantaneously auto-corrected.

Traditional Modes of Person Authentication
- Possessions – what you have
  - Keys, passports, smartcards, etc.
- Knowledge – what you know
  - Secret information: passwords, etc.
- Biometrics – what you are/do
  - Characteristics of the human body and human actions that differentiate people from each other

Most Common & Other Biometrics
[Figures: Most Common; Other Biometrics]

Attributes Necessary to Make a Biometric Practical
- Universality – every person has the biometric characteristic
- Uniqueness – no two persons have the same biometric characteristic
- Permanence – biometric characteristic invariant over time
- Collectability – measurable with a sensing device
- Acceptability – user population and public in general should have no strong objections to measuring/collecting the biometric

Identification versus Verification
- Identification: 1-of-n
- Verification: accept/reject

Discussed 5 of 6 Most Common Biometrics
- Face – Jimmy Carter, Saddam Hussein
- Fingerprint
- Iris
- Signature
- Voice

Typical Error Rates

Biometric Zoo
- Sheep – Dominant group, systems perform well for them
- Goats – Weak distinctive traits, produce many False Rejects
- Lambs – Easy to imitate, cause “passive” False Accepts
- Wolves – Good at imitating, cause “active” False Accepts
- Chameleons – Easy to imitate and good at imitating others

Many Biometric Systems and Interesting Articles on the Internet
- Long-range Iris Recognition
- Google Glass Face Recognition
- Microsoft's Age Estimator
- KeyTrac Keystroke Demos: passwords, any text
- Secret Lock, Michigan State University
- DNA Generated Face – NYT science section article
  - Building a Face, and Case, on DNA – March 2015

Spoofing Biometric Systems
Interesting Articles on the Internet
- Crime of the future – biometric spoofing?
- Hacker Clones Fingerprint from Photograph
- Can facial recognition systems be spoofed using high quality video?

Microsoft’s Age Estimator Ideas
- Have the students find photos of famous people and enter the actual and machine-estimated ages into the spreadsheet
- For each student in the class have the other students guess the age estimator outcome and enter the student guesses and the machine-estimated ages into the spreadsheet

Forgery Quiz Web Application
- http://tempasp.seidenberg.csis/experimentalhandwriting/experimentalhandwriting.html
- We will try to have our IT support group support this app
- Alternatively, we might have a project team redo it using PHP rather than the unsupported ASP

Flower Recognition App
- Interactive Visual System – human assists machine to improve recognition
- Early work in 2005, new study currently underway 2015 using smartphone app

Verizon Funding – Leigh Anne Clevenger
- Reduce UID/Password Dependency
  - Most people have many UID/Passwords for access
  - Bank accounts, smartphone/computer, social websites, etc.
- Location Component
  - Near Field Communication (NFC)
    - Near-field communication uses electromagnetic induction between two loop antennas located within each other's near field
  - Geofencing
    - Uses the global positioning system (GPS) or radio frequency identification (RFID) to define geographical boundaries
- Biometrics - Explore several biometrics for use in this problem area
  - Who needs passwords? 5 biometric devices

Monday – Biometrics
- The science of identifying, or verifying the identity of, a person based on physiological or behavioral characteristics/traits
- Physical traits: Fingerprint, Face, Iris
- Behavioral traits: Signature/handwriting, Voice
  - Computer-user input: keystroke and mouse input, writing linguistic style, semantic content
- Websites and videos
  - http://www.biometrics.gov/
  - Biometric Security

Importance of Computer-Input Biometrics
Continual Authentication of Computer Users
- U.S. DoD wants to continually authenticate all gov’t computer users, both military and non-military
- DARPA Active Authentication Phase 1 (2010 and 2012) – authenticate on desktops/laptops
  - Requirement – detect intruder within minutes
- DARPA Active Authentication Phase 2 (2013 and 2015) – authenticate on mobile devices
  - BehavioSec
  - Requirement – detect intruder within fraction of minute

Importance of Computer-Input Biometrics
Continual Authentication of Computer Users
- U.S. Higher Education Opportunity Act of 2008
  - Concerns authentication of students taking online tests
  - Universities are using more online courses
  - Requires institutions of higher learning to adopt new identification technologies as they become available
  - To assure students of record are those accessing the systems and taking the exams in online courses

Proposal to DARPA Active Authentication
Continual Burst Authentication Strategy
- Continual authentication is ongoing verification but with possible interruptions
  - Whereas continuous authentication would mean without interruption
- Burst authentication is verification on a short period of computer input
  - Bursts captured only after pauses
- We believe these to be important concepts

Possible Broader Intrusion Detection Plan
Multi-biometric System
- Motor control level – keystroke + mouse movement
- Linguistic level – stylometry (char, word, syntax)
- Semantic level – target likely intruder commands
[Diagram: Semantic Level – Intruder; Linguistic Level – Stylometry; Motor Control Level – Keystroke + Mouse]

Three Keystroke Biometric Presentations
- Short Numeric Input on Mechanical Keyboards – Ned Bakelman
- Short Numeric Input on Smartphone Touchscreens – Mike Coakley
- Impaired Users Taking Online Tests on Mechanical Keyboards – Gonzalo Perez
- Also discussed mouse movement; and stylometry on online tests, novels, and Facebook postings

Project Ideas
- List and describe various biometrics, can you think of new ones?
- What is the government doing in biometrics?
- Find interesting Web and news items related to biometrics – e.g., beer and diapers, Target’s pregnant girl, DNA generated face, secret lock, age estimation
- Find or go deeper into interesting technologies – e.g., spelling correction, Siri’s voice command system
- List and describe the ways people use the usual authentication method of combining what you have and what you know
- Investigate the biometric zoo
- Find articles on biometric spoofing

Copyright for Material Reuse
- Copyright © 2015 Charles Tappert (ctappert@pace.edu), Pace University.
- Please properly acknowledge the source for any reuse of the materials as below.
  - Charles Tappert, 2015 GenCyber Cybersecurity Workshop, Pace University
- Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation. A copy of the license is available at http://www.gnu.org/copyleft/fdl.html.

Acknowledgment
The authors would like to acknowledge the support from the National Science Foundation under Grant No. 1027400 and from the GenCyber program in the National Security Agency. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation, the National Security Agency or the U.S. government.
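
Added example, not part of the workshop slides: a sketch of the "Continual Burst Authentication Strategy" slide (bursts captured only after pauses) combined with the accept/reject versus 1-of-n distinction from "Identification versus Verification". The pause length, burst size, threshold, the choice of mean dwell and flight time as features, the user names and the sample timings are all assumptions constructed for illustration.

```python
from statistics import mean

PAUSE_MS = 2000    # assumed: a gap at least this long counts as a pause
BURST_LEN = 6      # assumed: keystrokes captured per burst
THRESHOLD = 25.0   # assumed: maximum template distance (ms) for an accept

def capture_bursts(events):
    """events: time-ordered (press_ms, release_ms) pairs. A burst starts at the first
    keystroke or right after a pause; short or interrupted bursts are discarded."""
    bursts, i = [], 0
    while i < len(events):
        starts = i == 0 or events[i][0] - events[i - 1][1] >= PAUSE_MS
        burst = events[i:i + BURST_LEN]
        unbroken = all(b[0] - a[1] < PAUSE_MS for a, b in zip(burst, burst[1:]))
        if starts and len(burst) == BURST_LEN and unbroken:
            bursts.append(burst)
            i += BURST_LEN
        else:
            i += 1
    return bursts

def features(burst):
    """Mean dwell (key held) and mean flight (release to next press), in ms."""
    dwell = mean(r - p for p, r in burst)
    flight = mean(b[0] - a[1] for a, b in zip(burst, burst[1:]))
    return (dwell, flight)

def distance(f, g):
    return sum(abs(x - y) for x, y in zip(f, g))   # Manhattan distance

def verify(burst, template):
    """Verification: accept/reject against one claimed identity."""
    return distance(features(burst), template) <= THRESHOLD

def identify(burst, templates):
    """Identification: 1-of-n, the closest enrolled template wins."""
    f = features(burst)
    return min(templates, key=lambda name: distance(f, templates[name]))

def typed(start, dwell, flight, n):
    """Constructed sample input: n keystrokes with fixed timing."""
    return [(start + k * (dwell + flight), start + k * (dwell + flight) + dwell)
            for k in range(n)]

TEMPLATES = {"alice": (90.0, 120.0), "bob": (60.0, 200.0)}   # hypothetical enrolled users
SESSION = typed(0, 90, 120, 6) + typed(10000, 60, 200, 8)    # typist changes after a pause
BURSTS = capture_bursts(SESSION)
DECISIONS = [(verify(b, TEMPLATES["alice"]), identify(b, TEMPLATES)) for b in BURSTS]
print(DECISIONS)
```

Each burst is checked on its own, so a session logged in as "alice" is rejected at the first burst after the pause where the typing rhythm no longer matches her template.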