Lecture6 - The University of Texas at Dallas

advertisement
Access Controls
Dr. Bhavani Thuraisingham
The University of Texas at Dallas (UTD)
June 2013
Domain Objectives
•
•
•
•
Provide definitions and key concepts
Identify access control categories and types
Discuss access control threats
Review system access control measures
Domain Agenda
•
•
•
•
•
•
•
Definitions and key concepts
Access control categories and types
Access control threats
Access to system
Access to data
Intrusion prevention and detection systems
Access control assurance
Basic Requirements and Concepts
•
•
Requirements
– Security
– Reliability
– Transparency
– Scalability
– Maintainability
– Auditability
– Integrity
– Authentic
Key Concepts
– Separation of duties
– Least privilege
–
Need-to-know
Information Classification
•
•
•
•
•
Objectives
Benefits
Example of classification
Compartmentalized information
Classification Program
– Scope
– Process
• Ownership
• Declassification
• Marking and labeling
• Assurance
Domain Agenda
•
•
•
•
•
•
•
Definitions and key concepts
Access control categories and types
Access control threats
Access to system
Access to data
Intrusion prevention and detection systems
Access control assurance
Access Control Types and Strategies
• Types
– Administrative
– Technical / Logical
– Physical
• Strategies
–
–
–
–
–
–
–
Preventive
Detective
Corrective
Directive
Deterrent
Recovery
Compensating
Access Control Examples
Controls
Administrative
Technical
Physical
Directive
Policy
Warning Banner
‘Do Not Enter’
Deterrent
Demotion
Violation Reports
‘Beware of Dog’
Preventive
User Registration
Passwords, Tokens
Fences, Bollards
Detective
Report Reviews
Audit Logs, IDS
Sensors, CCTV
Corrective
Employee
Termination
Connection
Management
Fire Extinguisher
Recovery
DRP
Backups
Reconstruct,
Rebuild
Compensating
Supervision,
Job Rotation
Keystroke Logging
Layered Defenses
Access Control
•
•
•
Access control is a system which enables an authority to control access to areas and
resources in a given physical facility or computer-based information system.
In computer security, access control includes authentication, authorization and audit. It
also includes measures such as physical devices, including biometric scans and metal
locks, hidden paths, digital signatures, encryption, social barriers, and monitoring by
humans and automated systems.
In any access control model, the entities that can perform actions in the system are called
subjects, and the entities representing resources to which access may need to be
controlled are called objects (see also Access Control Matrix). Subjects and objects should
both be considered as software entities and as human users
Access Control
•
•
•
•
Access control models used by current systems tend to fall into one of two classes: those
based on capabilities and those based on access control lists (ACLs).
In a capability-based model, holding an unforgeable reference or capability to an object
provides access to the object
Access is conveyed to another party by transmitting such a capability over a secure
channel.
In an ACL-based model, a subject's access to an object depends on whether its identity is
on a list associated with the object
Domain Agenda
•
•
•
•
•
•
•
Definitions and key concepts
Access control categories and types
Access control threats
Access to system
Access to data
Intrusion prevention and detection systems
Access control assurance
Access Control Threats
• Denial of service
• Password crackers
– Dictionary
– Brute force
– Rainbow tables
•
•
•
•
Keystroke Loggers
Spoofing/Masquerading
Sniffers
Shoulder Surfing/Swiping
• Dumpster diving
• Emanations
• TOC/TOU
Domain Agenda
•
•
•
•
•
•
•
Definitions and key concepts
Access control categories and types
Access control threats
Access to system
Access to data
Intrusion prevention and detection systems
Access control assurance
System Access Control
•
•
•
•
Identification
Authentication
Authorization
Accountability
Identification and Authentication
• Identification
–
–
–
–
–
Methods
Guidelines
RFID
MAC and IP address
Secure user registration
• Authentication
– Knowledge (something you know)
– Ownership (something you have)
– Characteristics (something you are)
Identification, Authentication,
Authorization
•
•
•
•
Access control systems provide the essential services of identification and authentication
(I&A), authorization, and accountability where:
identification and authentication determine who can log on to a system, and the
association of users with the software subjects that they are able to control as a result of
logging in;
authorization determines what a subject can do;
accountability identifies what a subject (or all subjects associated with a user) did.
Identification, Authentication,
Authorization
•
Identification and authentication (I&A): Identification and authentication (I&A) is the
process of verifying that an identity is bound to the entity that makes an assertion or
claim of identity. The I&A process assumes that there was an initial validation of the
identity, commonly called identity proofing. Various methods of identity proofing are
available ranging from in person validation using government issued identification to
anonymous methods that allow the claimant to remain anonymous, but known to the
system if they return. The method used for identity proofing and validation should provide
an assurance level commensurate with the intended use of the identity within the system.
Subsequently, the entity asserts an identity together with an authenticator as a means for
validation. The only requirements for the identifier is that it must be unique within its
security domain.
•
•
•
•
•
Identification, Authentication,
Authorization
Authenticators are commonly based on at least one of the following four factors:
Something you know, such as a password or a personal identification number (PIN). This
assumes that only the owner of the account knows the password or PIN needed to
access the account.
Something you have, such as a smart card or security token. This assumes that only the
owner of the account has the necessary smart card or token needed to unlock the
account.
Something you are, such as fingerprint, voice, retina, or iris characteristics.
Where you are, for example inside or outside a company firewall, or proximity of login
location to a personal GPS device.
•
•
•
•
•
Identification, Authentication,
Authorization
Authorization: Authorization applies to subjects. Authorization determines what a
subject can do on the system.
Most modern operating systems define sets of permissions that are variations or
extensions of three basic types of access:
Read (R): The subject can
– Read file contents, List directory contents
Write (W): The subject can change the contents of a file or directory with the following
tasks:
– Add, Create, Delete, Rename
Execute (X): If the file is a program, the subject can cause the program to be run. (In Unix
systems, the 'execute' permission doubles as a 'traverse directory' permission when
granted for a directory.)
•
•
•
•
•
Identification, Authentication,
Authorization
These rights and permissions are implemented differently in systems based on discretionary access
control (DAC) and mandatory access control (MAC).
Accountability: Accountability uses such system components as audit trails (records) and logs to
associate a subject with its actions. The information recorded should be sufficient to map the
subject to a controlling user.
Audit trails and logs are important for Detecting security violations, Re-creating security incidents
If no one is regularly reviewing your logs and they are not maintained in a secure and consistent
manner, they may not be admissible as evidence.
Many systems can generate automated reports based on certain predefined criteria or thresholds,
known as clipping levels. For example, a clipping level may be set to generate a report for the
following: More than three failed logon attempts in a given period, Any attempt to use a disabled
user account, These reports help a system administrator or security administrator to more easily
identify possible break-in attempts.
Authentication by Knowledge
•
•
•
•
•
Password – p3nc!l
Passphrase – t@lk@bou+th3w3@th3r
Personal history – 1st pet, 1st address, 1st friend
Graphical
Guidelines
Authentication by Ownership
• Tokens
– One-time passwords
• Smart cards
• Memory cards
• RFID cards
Asynchronous and Synchronous
Token Device
1.
2.
3.
4.
5.
6.
User requests access via authentication server (i.e. userID)
Authentication server issues challenge # to user
User enters challenge # w/PIN in handheld
Handheld calculates cryptographic response (i.e. password)
User sends “password” to authentication server
Authentication server grants access to application server
Synchronous
• Event-based synchronization
• Time-based synchronization
Authentication: Smart Cards and
Biometrics
• Smartcards
– Contact smart cards
• Card body
• Chip
• Contacts
–
–
–
–
Contact-less smart cards
Card body
Chip
Antenna
• Biometrics (Authentication by Characteristic)
– Physiological
– Behavioral
Biometric Types and Selection Criteria
•
•
•
Static
– Fingerprint/Palm print
– Hand geometry
– Palm vein structure
– Retina scan
– Iris scan
– Facial recognition
Dynamic
– Voice pattern
– Keystroke dynamics
– Signature dynamics
Selection Criteria
– Accuracy
– Acceptability
– Reaction or processing time
– Population coverage
– Data protection
Identity and Access Management
•
Need for identity management
–
–
–
–
Manual provisioning
Complex environments
Outsourcing risks
Compliance with regulations and legislation
• Authoritative system of record
•
Challenges
•
– Consistency
– Reliability
– Usability
– Efficiency
– Scalability
– Principals
– Data
– Life cycle
Benefits
– Headcount reduction
– Productivity increase
– Risk management
Identity Management Technologies
•
•
•
•
Web access management (WAM)
Password management
Account management
Profile update
•
•
•
•
•
•
Access Control Technologies
Single sign-on
Kerberos
– To be explained in the next chart
SESAME
– An extension of Kerberos for use with applications
– Symmetric and asymmetric
– Distributed authentication
Directory services
– Lightweight Directory Access Protocol (LDAP)
– Network Information Services (NIS)
– Domain Name System (DNS)
Security domains
– Hierarchical domain relationship
– Equivalent classes of subjects
Web Portal Access
– Federated login
– Portlet
Single Sign-on Process
1.
2.
3.
4.
User enters ID and password
UserID and passwords transmitted to Authentication Server
Authentication Server verifies user’s identity
Authentication Server authorizes access to requested resource.
Single Sign-On
•
•
Single sign-on (SSO) is a property of access control of multiple, related, but independent
software systems. With this property a user logs in once and gains access to all systems
without being prompted to log in again at each of them. Single sign-off is the reverse
property whereby a single action of signing out terminates access to multiple software
systems.
As different applications and resources support different authentication mechanisms,
single sign-on has to internally translate to and store different credentials compared to
what is used for initial authentication.
Single Sign-on Kerberos
•
•
Kerberos is a computer network authentication protocol, which allows nodes
communicating over a non-secure network to prove their identity to one another in a
secure manner. It is also a suite of free software published by MIT that implements this
protocol. Its designers aimed primarily at a client–server model, and it provides mutual
authentication — both the user and the server verify each other's identity. Kerberos
protocol messages are protected against eavesdropping and replay attacks.
Kerberos builds on symmetric key cryptography and requires a trusted third party, and
optionally may use public-key cryptography by utilizing asymmetric key cryptography
during certain phases of authentication
Kerberos
•
•
•
Kerberos uses as its basis the symmetric Needham-Schroeder protocol. It makes use of a
trusted third party, termed a key distribution center (KDC), which consists of two logically
separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS).
Kerberos works on the basis of "tickets" which serve to prove the identity of users.
The KDC maintains a database of secret keys; each entity on the network — whether a
client or a server — shares a secret key known only to itself and to the KDC. Knowledge
of this key serves to prove an entity's identity. For communication between two entities,
the KDC generates a session key which they can use to secure their interactions.
The security of the protocol relies heavily on participants maintaining loosely
synchronized time and on short-lived assertions of authenticity called Kerberos tickets.
Kerberos
•
•
•
•
The client authenticates itself to the Authentication Server and receives a ticket. (All
tickets are time-stamped.)
It then contacts the Ticket Granting Server, and using the ticket it demonstrates its
identity and asks for a service.
If the client is eligible for the service, then the Ticket Granting Server sends another
ticket to the client.
The client then contacts the Service Server, and using this ticket it proves that it has been
approved to receive the service.
Kerberos: Drawbacks
•
•
•
•
Single point of failure: It requires continuous availability of a central server. When the Kerberos
server is down, no one can log in. This can be mitigated by using multiple Kerberos servers and
fallback authentication mechanisms.
Kerberos requires the clocks of the involved hosts to be synchronized. The tickets have a time
availability period and if the host clock is not synchronized with the Kerberos server clock, the
authentication will fail. The default configuration requires that clock times are no more than five
minutes apart. In practice Network Time Protocol daemons are usually used to keep the host clocks
synchronized.
The administration protocol is not standardized and differs between server implementations.
Since all authentication is controlled by a centralized KDC, compromise of this authentication
infrastructure will allow an attacker to impersonate any user.
Access Control Languages
• Service Provisioning Markup Language (SPML)
• Security Assertion Markup Language (SAML)
• eXtensible Access Control Markup Language (XACML)
Domain Agenda
•
•
•
•
•
•
•
Definitions and key concepts
Access control categories and types
Access control threats
Access to system
Access to data
Intrusion prevention and detection systems
Access control assurance
Access to Data
Implementations
• Mandatory
• Temporal
• Discretionary
• Role
• Rule
• Content
• Privacy
Descriptions
• List
• Matrix
• Capabilities
• Non-discretionary
• Constraints
• Centralized
• Decentralized
Access Control
• Mandatory Access Control
– Labels: Subject and Objects
• Temporal Aces Control
– Hours of Operation
• Role-based Aces Control
•
Depends on Roles
• Privacy-Aware, Role-based Access Control
– Based on organization for economic co-operation and development
• Content Dependent
– Access based on values in data (i.e. Department)
Can only see data having to do with employees in the same department
Access Control Lists
•
•
•
•
•
Objects/Subjects
Files/Users
O.S. dependent
Object Based Matrix
Subject Based Matrix
Non-discretionary Access Control
(NDAC)/ Constrained User Interfaces
• Non Discretionary
– Operating system protection
– Security administrator control
– Ensures system security enforced
• Constrained User Interfaces
–
–
–
–
Menus
Database views
Physically constrained user interfaces
Encryption
Centralized/Decentralized
Access Control
• Centralized access control
– RADIUS
– TACACS+
– Diameter
• Decentralized access control
Access Conrol Administration
•
•
•
•
Access Contol Administration will work out how the organiztion will adninistrw access control:
Centralzied or Distributed.
Terminal Access Controller Access-Control System (TACACS) is a remote authentication protocol that
is used to communicate with an authentication server commonly used in UNIX networks.
TACACS allows a client to accept a username and password and send a query to a TACACS
authentication server, sometimes called a TACACS daemon or XTACACS. This server was normally a
program running on a host. The host would determine whether to accept or deny the request and
send a response back. The TIP (routing node accepting dial-up line connections, which the user
would normally want to log in into) would then allow access or not, based upon the response.
TACACS+ and RADIUS have generally replaced TACACS. TACACS+ is an entirely new protocol and not
compatible with TACACS or XTACACS. TACACS+ uses the Transmission Control Protocol (TCP) and
RADIUS uses the User Datagram Protocol (UDP).
Domain Agenda
•
•
•
•
•
•
•
Definitions and key concepts
Access control categories and types
Access control threats
Access to system
Access to data
Intrusion prevention and detection systems
Access control assurance
Intrusion Detection System
•
•
•
An IDS is a device (or application) that monitors network and/or system activities for
malicious activities or policy violations and produces reports to a Management Station.[
Intrusion prevention is the process of performing intrusion detection and attempting to
stop detected possible incidents.
Intrusion detection and prevention systems (IDPS) are primarily focused on identifying
possible incidents, logging information about them, attempting to stop them, and
reporting them to security administrators.
Intrusion Detection System
•
•
•
For the purpose of dealing with IT, there are two main types of IDS's: network-based and
host-based IDS.
In a network-based intrusion-detection system (NIDS), the sensors are located at choke
points in the network to be monitored, often in the demilitarized zone (DMZ) or at
network borders. The sensor captures all network traffic and analyzes the content of
individual packets for malicious traffic.
In a host-based system, the sensor usually consists of a software agent, which monitors
all activity of the host on which it is installed, including file system, logs and the kernel.
Some application-based IDS are also part of this category.
Intrusion Detection Systems
Network-based
= Packet
Host-based
= Permission
Application-based
= Process
Intrusion Prevention Systems
• Host-based
• Network-based
– Content-based
– Rate-based
• KPI
Analysis Engine Methods
• Examples
– Anomaly
– Response
– Alert
• Pattern- or signature-based
– Pattern matching
– Stateful matching
• Anomaly-based
– Statistical
– Traffic
– Protocol
• Heuristic Scanning
Threats to Access Control
•
•
•
•
•
Dictionary Attack
Brute Force Attack
Spoofing at Logon
Phishing
Identity Theft
Domain Agenda
•
•
•
•
•
•
•
Definitions and key concepts
Access control categories and types
Access control threats
Access to system
Access to data
Intrusion prevention and detection systems
Access control assurance
Access Control Assurance and
Penetration Testing
• Assurance
– Audit trail monitoring
– Vulnerability assessment tools
• Penetration Testing
–
–
–
–
–
Definition
Areas to test
Methods of testing
Testing procedures
Testing hazards
Areas to Test
•
•
•
•
•
•
Application security
Denial of service (DoS)
War dialing
Wireless penetration
Social engineering
PBX and IP telephony
•
Penetration Testing Methods and
Steps
External
– Zero-knowledge (blind)
– Partial-knowledge
• Internal
–
–
–
–
Full-knowledge
Targeted
Blind
Double-blind
• Steps
–
–
–
–
Discovery
Enumeration
Vulnerability mapping
Exploitation
Testing Hazards and Reporting
• Production interruption
– Application abort
– System crash
• Documentation
– Identified vulnerabilities
– Countermeasure effectiveness
– Recommendations
• KPI
Domain Summary
•
•
•
•
•
•
•
Definitions and key concepts
Access control categories and types
Access control threats
Access to system
Access to data
Intrusion prevention and detection systems
Access control assurance
APPENDIX
• REVIEW of Access Control
• REVIEW of Biometrics
Access Control Techniques: Review
•
•
•
•
•
Role based access control
Constrained user interfaces
Access control Matrix
Content dependent access control
Content dependent access control
Access Control
•
•
Access control techniques: Access control techniques are sometimes categorized as either
discretionary or non-discretionary. The three most widely recognized models are Discretionary
Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC). MAC
and RBAC are both non-discretionary.
Attribute-based Access Control: In attribute-based access control, access is granted not based on the
rights of the subject associated with a user after authentication, but based on attributes of the user.
The user has to prove so called claims about his attributes to the access control engine. An attributebased access control policy specifies which claims need to satisfied in order to grant access to an
object. For instance the claim could be "older than 18" . Any user that can prove this claim is granted
access. Users can be anonymous as authentication and identification are not strictly required. One
does however require means for proving claims anonymously. This can for instance be achieved
using Anonymous credentials.
Access Control
•
•
•
•
•
Discretionary access control: (DAC) is an access policy determined by the owner of an
object. The owner decides who is allowed to access the object and what privileges they
have.
Two important concepts in DAC are
File and data ownership: Every object in the system has an owner. In most DAC systems,
each object's initial owner is the subject that caused it to be created. The access policy
for an object is determined by its owner.
Access rights and permissions: These are the controls that an owner can assign to other
subjects for specific resources.
Access controls may be discretionary in ACL-based or capability-based access control
systems. (In capability-based systems, there is usually no explicit concept of 'owner', but
the creator of an object has a similar degree of control over its access policy.)
Access Control
•
•
•
Mandatory access control: (MAC) is an access policy determined by the system, not the owner. MAC
is used in multilevel systems that process highly sensitive data, such as classified government and
military information. A multilevel system is a single computer system that handles multiple
classification levels between subjects and objects.
Sensitivity labels: In a MAC-based system, all subjects and objects must have labels assigned to
them. A subject's sensitivity label specifies its level of trust. An object's sensitivity label specifies the
level of trust required for access. In order to access a given object, the subject must have a
sensitivity level equal to or higher than the requested object.
Data import and export: Controlling the import of information from other systems and export to
other systems (including printers) is a critical function of MAC-based systems, which must ensure
that sensitivity labels are properly maintained and implemented so that sensitive information is
appropriately protected at all times.
Access Control
•
•
•
Two methods are commonly used for applying mandatory access control:
Rule-based (or label-based) access control: This type of control further defines specific
conditions for access to a requested object. All MAC-based systems implement a simple
form of rule-based access control to determine whether access should be granted or
denied by matching:
– An object's sensitivity label
– A subject's sensitivity label
Lattice-based access control: These can be used for complex access control decisions
involving multiple objects and/or subjects. A lattice model is a mathematical structure
that defines greatest lower-bound and least upper-bound values for a pair of elements,
such as a subject and an object.
Access Control
•
•
Role-based access control: (RBAC) is an access policy determined by the system, not the
owner. RBAC is used in commercial applications and also in military systems, where
multi-level security requirements may also exist. RBAC differs from DAC in that DAC
allows users to control access to their resources, while in RBAC, access is controlled at
the system level, outside of the user's control.
Although RBAC is non-discretionary, it can be distinguished from MAC primarily in the
way permissions are handled. MAC controls read and write permissions based on a user's
clearance level and additional labels. RBAC controls collections of permissions that may
include complex operations such as an e-commerce transaction, or may be as simple as
read or write. A role in RBAC can be viewed as a set of permissions.
Access Control: Conclusion of Review
•
•
•
•
•
•
Three primary rules are defined for RBAC:
1. Role assignment: A subject can execute a transaction only if the subject has selected
or been assigned a role.
2. Role authorization: A subject's active role must be authorized for the subject. With
rule 1 above, this rule ensures that users can take on only roles for which they are
authorized.
3. Transaction authorization: A subject can execute a transaction only if the transaction is
authorized for the subject's active role. With rules 1 and 2, this rule ensures that users
can execute only transactions for which they are authorized.
Additional constraints may be applied as well, and roles can be combined in a hierarchy
where higher-level roles subsume permissions owned by sub-roles.
Most IT vendors offer RBAC in one or more products.
•
•
•
•
•
•
•
•
•
•
Review: Biometrics
What is Biometrics?
Biometrics are automated methods of recognizing a person based on a physiological or
behavioral characteristic
Features measured: Face, Fingerprints, Hand geometry, handwriting, Iris, Retinal, Vein
and Voice
Identification and personal certification solutions for highly secure applications
Numerous applications: medical, financial, child care, computer access etc.
Biometrics replaces Traditional Authentication Methods
Provides better security
More convenient
Better accountability
Applications on Fraud detection and Fraud deterrence
Dual purpose: Cyber Security and National Security
What is the Process?
•
•
•
•
Three-steps: Capture-Process-Verification
Capture: A raw biometric is captured by a sensing device such as fingerprint scanner or
video camera
Process: The distinguishing characteristics are extracted from the raw biometrics sample
and converted into a processed biometric identifier record
– Called biometric sample or template
Verification and Identification
– Matching the enrolled biometric sample against a single record; is the person really
what he claims to be?
– Matching a biometric sample against a database of identifiers
Why Biometrics?
•
•
•
•
•
•
•
Authentication mechanisms often used are User ID and Passwords
However password mechanisms have vulnerabilities: Stealing passwords
Biometrics systems are less prone to attacks
Need sophisticated techniques for attacks
– Cannot steal facial features and fingerprints
– Need sophisticated image processing techniques for modifying facial features
Biometrics systems are more convenient, Need not have multiple passwords or difficult
passwords
– E.g., characters, numbers and special symbols, Need not remember passwords
Need not carry any cards or tokens
Better accountability: Can determine who accessed the system with less complexity
Security Vulnerabilities
• Type 1 attack: present fake biometric such a synthetic biometric
• Type 2 attack: Submit a previously intercepted biometric data: replay
• Type 3 attack: Compromising the feature extractor module to give results
desired by attacker
• Type 4 attack: Replace the genuine feature values produced by the system by
fake values desired by attacker
• Type 5 attack: Produce a high number of matching results
• Type 6 attack: Attack the template database: add templates, modify templates
etc.
•
Biometric Terms: Verification and
Identification
Verification
– User claims an identity for biometric comparison
– User then provides biometric data
– System tries to match the user’s biometric with the large number of
biometric data in the database
– Determines whether there is a match or a no match
– Network security utilizes this process
• Identification
– User does not claim an identity, but gives biometric data
– System searches the database to see if the biometric provided is stored in
the database
– Positive or negative identification
– Prevents from enrolling twice for claims
– Used to enter buildings
Biometric Process
• User enrolls in a system and provides biometric data
• Data is converted into a template
• Later on user provides biometric data for verification or
identification
• The latter biometric data is converted into a template
• The verification/identification template is compared with the
enrollment template
• The result of the match is specified as a confidence level
• The confidence level is compared to the threshold level
• If the confidence score exceeds the threshold, then there is a
match
• If not, there is no match
Enrollment and Template Creation
• Enrollment
– This is the process by which the user’s biometric data is acquired
– Templates are created
• Presentation
– User presents biometric data using hardware such as scanning systems,
voice recorders, etc.
• Biometric data
– Unprocessed image or recording
• Feature extraction
– Locate and encode distinctive characteristics from biometric data
•
•
•
•
•
•
•
•
Data Types and Associated Biometric
Technologies
Finger scan: Fingerprint Image
Voice scan: Voice recording
Face scan: Facial image
Iris scan: Iris image
Retina scan: Retina image
Hand scan: Image of hand
Signature scan: Image of signature
Keystroke scan: Recording of character types
Templates
• Templates are NOT compressions of biometric data; they are constructed from
distinctive features extracted
• Cannot reconstruct the biometric data from templates
• Same biometric data supplied by a user at different times may results in
different templates
• When the biometric algorithm is applied to these templates, it will recognize
them as the same biometric data
• Templates may consist of strings of characters and numeric values
• Vendor systems are heterogeneous; standards are used for common templates
and for interoperability
Biometric Matching
• Part of the Biometric process: Compares the user provided template with the
enrolled templates
• Scoring:
– Each vendor may use a different score for matching; 1-10 or -1 to 1
– Scores also generated during enrollment depending on the quality of the
biometric data
– User may have to provide different data if enrollment score is low
• Threshold is generated by system administrator and varies from system to
system and application to application
• Decision depending on match/ nomatch
– 100% accuracy is generally not possible
False Match Rate
• System gives a false positive by matching a user’s biometric with another user’s
enrollment
– Problem as an imposter can enter the system
• Occurs when two people have high degree of similarity
– Facial features, shape of face etc.
– Template match gives a score that is higher than the threshold
– If threshold is increased then false match rate is reduced, but False no
match rate is increased
• False match rate may be used to eliminate the non-matches and then do further
matching
False Nonmatch rate
• User’s template is matched with the enrolled templates and an incorrect
decision of nonmatch is made
• Consequence: user is denied entry
• False nonmatch occurs for the following reasons
– Changes in user’s biometric data
– Changes in how a user presents biometric data
– Changes in environment in which data is presented
• Major focus has been on reducing false match rate and as a result there are
higher false nonmatch rates
Download