Biometrics - Pravin Shetty

Emerging Biometric Applications: Expectations meet Reality
An Emerging Technology
What are Biometrics?
The term biometrics refers to a science involving the standard analysis of biological characteristics.
A biometric is a unique, measurable characteristic or trait of a human being for automatically recognising or verifying identity.
Who are you?
No, who are you, really???
Authentication Methods in Network & Internet Security
- Something you know: passwords, PINs, mother's maiden name
- Something you have: ATM card, smart card, digital certificate
- Something you are: biometrics (positive identification; never lost or stolen)
Biometric Techniques
Identification of all the biometric methods, both mainstream and 'esoteric', known to the group. Consider methods that relate to non-humans and also combinations of methods.
Biometrics
- Innate: iris, retina, ear, fingerprint, palm / hand, face (visual & heat), skin detail / veins, DNA / blood / saliva / antibodies, heart rhythm, footprint, lips
- Behavioral: gait, signature, typing style
- Mixed: voice, body odour
Why Biometrics?
"Biometric identification (e.g., fingerprints, face and voice) will emerge as the only way to truly authenticate an individual, which will become increasingly important as security and privacy concerns grow."
- Gartner Group, 26th April 2000
How do Biometrics Work?
Enrollment: add a biometric identifier (fingerprint, voice, facial or iris) to a database.
  Present biometric -> Capture -> Process -> Store
Verification: match against an enrolled record.
  Present biometric -> Capture -> Process -> Compare -> Match: IDENTIFIED / No Match: DENIED
(image slides: Fingerprint Image; Identification; Randomness)
Accuracy v. Affordability v. Acceptability
(chart, courtesy Veridicom Corp.: technologies plotted against Affordability and Accuracy axes on a 0-4 scale)
Benefits for the Consumer
Benefits of Biometrics
Biometrics link a particular event to a particular individual, not just to a password or token, which may be used by someone other than the authorized user.
Business Scenarios
- The password problem
- Remote access
- Who is using our fee-based website?
- Challenge-response tokens
- Too many physical-access devices
- Protecting the single-sign-on vault
Password Rules (an obligatory cartoon)
How Do You Remember Passwords?
The Password Problem
- They're either too easy or they're written down somewhere!
- Users forget them!
- Help Desk has to sort out the mess!
Password Survey
- Every user requesting a password reset received the survey
- 50% response
- "No recriminations" policy
Source - CCH
The Password Problem: Thinking up new passwords
Good passwords are bad for users (% of respondents)
  Easy          46%
  Not Too Hard  39%
  Hard          12%
  V. Difficult   3%
The Password Problem: Write it Down (% of respondents)
  Never         47%
  Occasionally  28%
  Often          8%
  Always        16%
The Password Problem: User Overload
No. of passwords per user (% of respondents)
  1-3  57%
  4-6  36%
  7-9   7%
The Password Problem: User Impact
Password resets (% of respondents)
  Zero   4%
  1-2   62%
  3-6   29%
  >6     5%
The Password Problem: Wait Time
Wait time for a reset (% of respondents): categories < 30 min, 30 - 60 min, 1 - 2 hrs, 2 - 4 hrs, 4 - 8 hrs, > 1 bus. day; chart values 18, 54, 1, 18, 7, 1 (the pairing of values to categories is not recoverable from the extracted chart)
The Password Problem: Impact on Productivity
Work impact (% of respondents)
  No effect       14%
  Minor           41%
  Significant     25%
  Unable to work  17%
The Password Problem: Who Knows your Password?
Sharing passwords (% of respondents)
  Never         62%
  Occasionally  32%
  Often          5%
  V. Often       1%
The Password Problem: Others' Passwords
How many passwords do you know? (% of respondents)
  None    75%
  One     16%
  2 or 3   8%
  > 3      1%
The Password Problem: Resets per Year (% of respondents)
  Zero   4%
  1-2   62%
  3-6   29%
  >6     5%
Source: CCH
The Password Problem: Identifiable costs
- Lost productivity
- Flow-on productivity losses
- Support team
- Management and infrastructure
US research - $340 per incident*
Anecdotal – some incidents over $AU10,000
*BioNetrix Corp - www.bionetrix.com/inserts.pdf
Choosing Technologies and Partners
Privacy Concerns and Ethics
- Criminal stigma
- 3rd party use of data: sold or given for other than the intended purpose; provided to law enforcement
- Unauthorized access
- Identity theft
- "Tracking" of actions through biometrics
- Religious objections - "Mark of the Beast"
Australian Privacy Act
NPP 4 – Data Security
An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
Privacy Policy Recommendations
5 basic principles:
- Notice – disclose ALL data captured
- Access – anyone can view their stored data
- Correction mechanism
- Informed consent – no 3rd-party involvement
- Reliability & safeguarding
Who would use Biometrics
- Strong identification and authentication
- Medium – high data security
- Non-repudiation (I didn't do it!)
Who would use Biometrics
- The last metre
- Fee-for-service web sites
- e-Commerce transaction verification
Selecting Biometric Technologies
User / environment considerations:
- Cooperative/non-cooperative users
- Overt/covert capture
- Habituated/non-habituated
- Attended/unattended
- Public/private
- Indoor/outdoor
- Possible interference
- User lifestyle/occupation
- Compatibility with existing/legacy systems
Selecting Biometric Technologies
Technology factors:
- Cost
- Accuracy
- Ease of use
- Public acceptance
- Long term stability
- Existence/use of standards
- Barriers to attack
- Track record of vendor/product
- Availability of alternate sources
- Scalability
Technology Comparison

                     | Iris              | Face                           | Finger                   | Signature           | Voice
Accuracy             | Very High         | Medium                         | High                     | High                | Medium
Ease of Use          | Medium            | Medium                         | High                     | High                | High
Barrier to Attack    | Very High         | Medium                         | High                     | Medium              | Medium
User Acceptability   | Medium            | Medium                         | Medium                   | Very High           | High
Long Term Stability  | High              | Medium                         | High                     | Medium              | Medium
Interference         | Coloured contacts | Lighting, aging, glasses, hair | Dryness, dirt, age, race | Changing signatures | Noise, colds, weather
Accuracy
False rejection rate (FRR): measures how often an authorized user, who should be recognized by the system, is not recognized. ("I am not recognised as me!")
False acceptance rate (FAR): measures how often a non-authorized user, who should not be recognized by the system, is falsely recognized. ("You are pretending to be me!")
Matching vs. Non-Matching Prints
(chart: score distributions of matching and non-matching prints along distance d, separated by a matching threshold; the overlap on the wrong side of the threshold gives false non-matches and false matches)
FRR vs. FAR
FAR / FRR are loosely inverse
(chart: Error Rate against Threshold, with the FRR and FAR curves crossing where FAR = FRR = Equal Error Rate)
Failure to enroll rate (FER): measures how often users are unable to enroll a biometric record.
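The FRR/FAR trade-off above, worked through on constructed match scores (an added example, not material from the slides): a distance score d is computed per comparison, a threshold turns d into an accept/reject decision, and sweeping the threshold traces both error rates to the equal error rate.

```python
"""Sweep the matching threshold over constructed match scores and locate the
equal error rate. Added illustration; the score values below are made up."""

# Constructed sample data: one distance score d per comparison, where a
# lower d means the two prints look more alike (as in the slides' chart).
GENUINE = [0.10, 0.12, 0.15, 0.18, 0.20, 0.22, 0.25, 0.28,
           0.30, 0.33, 0.35, 0.38, 0.42, 0.47, 0.55]   # authorised users
IMPOSTOR = [0.30, 0.36, 0.41, 0.45, 0.50, 0.52, 0.55, 0.58,
            0.60, 0.63, 0.66, 0.70, 0.75, 0.80, 0.90]  # non-authorised users


def is_match(d, threshold):
    """Verification decision: accept when the distance is within the threshold."""
    return d <= threshold


def frr(threshold, genuine=GENUINE):
    """False rejection rate: share of authorised users the system turns away."""
    return sum(not is_match(d, threshold) for d in genuine) / len(genuine)


def far(threshold, impostor=IMPOSTOR):
    """False acceptance rate: share of impostors the system lets through."""
    return sum(is_match(d, threshold) for d in impostor) / len(impostor)


def error_curve(genuine=GENUINE, impostor=IMPOSTOR):
    """(threshold, FRR, FAR) at every candidate threshold, i.e. each observed score."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, frr(t, genuine), far(t, impostor)) for t in thresholds]


def equal_error_rate(genuine=GENUINE, impostor=IMPOSTOR):
    """Threshold where FAR and FRR are closest. The two are loosely inverse:
    loosening the threshold lowers FRR and raises FAR until the curves cross."""
    return min(error_curve(genuine, impostor), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    for t, fr, fa in error_curve():
        print(f"threshold {t:.2f}  FRR {fr:.2f}  FAR {fa:.2f}")
    t, fr, fa = equal_error_rate()
    print(f"EER ~ {fr:.2f} at threshold {t:.2f}")
```

Note that FER (failure to enroll) is not visible on this curve at all: users who never produce a usable template are excluded before any comparison is scored.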
Selecting a Biometric Solution
Biometrics Institute
- Recently incorporated
- Impartial tester
- Education source
- Government & industry funded
www.biomet.org
support@biomet.org
"Introduction to Biometrics" 1-day course, September 25th
What problem are we solving?
If biometrics is the answer, what's the question?
Reference Sites
- Health: Health Technologies (Australia) – patient records; Capital Coast Health (NZ) – access security & SSO
- e-Commerce (Australia): Big Sky Contracting – e-contracts
- Social Security: States of New Jersey, Virginia, Connecticut – social welfare systems
- Banking & Finance: ING Direct (Canada) – on-line banking; ABN AMRO (Australia) – network security; Pt Makindo (Indonesia) – network security, on-line trading
- Government: network security and ID systems; Defence – Stratcom; US GSA – government-wide Smart Card Program
What are some of the products?
Biometric Scanning Devices
- Veridicom 5th Sense Fingerprint Scanner
- Veridicom 'Combo' Fingerprint & SmartCard Scanner
- Secugen EyeD Mouse II Scanner
- Sensar Iris Scanner
- PC Video Camera
- Phoenix Keyboards
- Telex Microphones
SAF/2000
SAF/NT
System requirements: versions, hardware, client environment
Data Flow During Login
(components: 9x/NT client with BSP, biometric device, SAFserver, login server)
1. Client displays NRIgina.dll
2. Client accepts username, passed to SAFserver
3. SAFserver advises login method
4. Client collects biometric
5. Summarized biometric passed to SAFserver for confirmation
6. SAFserver determines validity of biometric
7. If user is valid, SAFserver passes user password to client
8. Client passes username and password to login server to complete the login
NMAS
- Modular interface to NDS
- Choice of biometric method & supplier
- Multiple & graded authentication
- Free starter pack
- Enterprise Edition
- Graded Authentication
Veridicom Protector Suite
- Logon Protector – secure log-on based on fingerprints and smart cards
- FileDisk Protector – strong on-line encryption in a virtual disk
- Password Protector – PasswordBank for applications and Internet access
- PKI Protector – en/decrypt email and www user authentication using PKI
More Information
SAFLINK Corporation
http://www.saflink.com/safnmas
http://www.saflink.com/
Biometric Consortium
http://www.biometrics.org
International Computer Security Association
http://www.icsa.net
Biometrics in Human Services Newsletter
http://www.dss.state.ct.us/digital.htm
Biometric Technology Today
http://www.sjb.co.uk
The International Biometric Society
http://www.tibs.org
The Connecticut Project
http://www.dss.state.ct.us/digital.htm
Human Identification in Information Systems
http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID
More Information
International Biometric Industry Association
http://www.ibia.org/
BioAPI Consortium
http://www.bioapi.org/
Biometric Digest
http://biodigest.com
Association for Biometrics (Europe)
http://www.afb.org.uk
National Biometric Test Centre
http://www.engr.sjsu.edu/biometrics/
Biometrics Research
http://biometrics.cse.msu.edu/
International Biometric Group
http://www.biometricgroup.com/
Biometrics Scanning, Law & Policy
http://www.pitt.edu/%7Elawrev/59%2D1/woodward.htm
And for a Negative View…
Biometrics
http://www.666soon/biometri.htm
Fight the Fingerprint
http://www.networkusa.org/fingerprint.shtml
Give Passwords the Finger!