Document 13214162

advertisement
Telebiometrics, and applications in Japan
Yoshiaki ISOBE
Yoshiaki
ISOBE
Systems Development Lab. Hitachi, Ltd.
yoshiaki.isobe.en@hitachi.com
Geneva, 6‐7 December 2010
Addressing security challenges on a global scale 2
Introduction
Biometrics is one of Authentication technologies
Bi
ti i
f A th ti ti t h l i
Authentication technologies:
Knowledge: What you know
Knowledge: What you know
Password, PIN, etc.
Possession: What you have ID card Smart card One time password generator etc
ID card, Smart card, One time password generator etc.
Biometric Feature: What you are
Fingerprint, Face, Finger‐vein, etc. These are used to integrate on various application, case by case
Credit card(EMV): Smart card and PIN
Credit
card(EMV): Smart card and PIN
Immigration: IC Passport and Biometrics (Face, Fingerprint, Iris)
Geneva, 6‐7 December 2010
Addressing security challenges on a global scale 3
What is Biometrics?
ISO/IEC JTC 1 SC 37 (Biometrics) defined the term ISO/IEC
JTC 1 SC 37 (Bi
t i ) d fi d th t
of “Biometrics”:
automated recognition of individuals based on their automated
recognition of individuals based on their
behavioural and biological characteristics
Biometrics has advantages over other Biometrics
has advantages over other
authentication methods:
Availability (Forgetless)
y( g
)
Security (Direct link to the authentication subject)
O
Operation Cost (Operation for i C (O
i f
Loss/Stolen)
Geneva, 6‐7 December 2010
Addressing security challenges on a global scale 4
What is Telebiometrics?
TTP (ex: Government)
Is it genuine certificate?
Yes
Yes.
Is she same person?
Yes.
Network
Certificate of
Certificate of Biometric feature
Issuing
Hanako Hitachi
You are Hanako!
Send
Capturing of Bi
Biometric feature
i f
User
Nice meet you!
Verifier
However, there are various security threats on ICT environment.
ITU‐T SG 17 Question 9 “Telebiometrics” is standardizing some network authentication model using biometrics and security requirements for each
authentication model using biometrics, and security requirements for each models.
Geneva, 6‐7 December 2010
Addressing security challenges on a global scale 5
ITU‐T Recommendations on Telebiometrics‐1
• For conventional Biometric technologies
ISO 19092
ISO 19092
X 1086
X.1086
Security Guideline in operating and building system
How to use the Biometrics on telecommunication environment
X.1083
Remote
Control
X.1084
Requirements
for open network
and protocol
Fi
Fingerprint
i
ISO 19795
ISO 19792
Evaluating
Evaluating Method
Geneva, 6‐7 December 2010
X.1089
Sign
TTemplate format
l t f
t
for open network
Face
Face Ii
Iris Other?
Vein
Voice
Standardizing by
ISO/IEC SC 37
Conventional Biometric Technology (BSP) Addressing security challenges on a global scale 6
ITU‐T Recommendations on Telebiometrics‐2
•
For Biometric template protection technologies
• Biometric Cryptosystem
• Cancelable biometrics
X.1086 Amd.1
Security Guideline to operate and to develop system
How to use the BTP tech. on telecommunication environment
ISO/IEC 24745
ISO/IEC 24745
X.1088
Applied it to the Framework
X.gep
Evaluating Method
PIE
And PIR
Applied it to the protection Mechanism
Biometric Cryptosystem
X.ott
PIV
Applied it to the Model
Cancelable biometrics
Mechanism Other?
Biometric Template Protection Technology Geneva, 6‐7 December 2010
Addressing security challenges on a global scale 7
Telebiometrics application in Japan with relationship to ITU‐T Recommendations
to ITU‐T Recommendations
1.
ATM on Financial service
Japanese Bankers Association released the recommendation (guideline) to avoid fraudulent transactions and to protect customers at Jan. 2005
p
–
•
Prevention of ATM Frauds / Card Skimming
–
–
2.
Logical access control on business application
–
3.
Smart card implementation
Biometric authentication for ATM transactions
Increasing to require secure access to customer privacy information on sales department or integrity of evidence
information on sales department, or integrity of evidence editor, e.g. drug trial, hospital, …
Cloud service
–
Integration cost is important for cloud application. Cancelable biometric authentication service for cloud application have started in Japan at June 2010
application have started in Japan at June 2010 Geneva, 6‐7 December 2010
Addressing security challenges on a global scale 8
1. ATM application on two ITU‐T X.1086 model
ATM with finger vein authentication
The Local model in ITU T X 1086
The Local model in ITU‐T X.1086
Capturing vein image from finger
The Download model in ITU T X 1086
The Download model in ITU‐T X.1086
Central Server
Application
Application
Vein Device
Vein Device
ATM / Teller Terminal
Application
Biometric M/W
Driver
Sensor
Controller
Smart Card
R/W
M/W:Middleware, R/W:Reader‐Writer, AP:Application
Geneva, 6‐7 December 2010
Authentication Server AP
Vein DB
Vein Device
ATM / Teller Terminal
Application
Biometric M/W
Sensor
Compare
Driver
Storage & Addressing security challenges on a global scale Compare
9
2. Logical access control for Business applications
• The center model in ITU‐T X.1086
1
Authentication Server
Input ID and Bio data
Client PC
0
2
指静脈情報を事前に登録
Send ID and Bio data
SSL
登録
4
Sales staff
Drug trial staff
Drug trial staff
Hospital staff
Windows
Domain Server
Geneva, 6‐7 December 2010
Biometric authentication
Access to Business Application
User for each example:
1.
2.
3.
3
Enrolled
Biometric data
Application example:
1. Customer management
2. Drug trial report system
3. Medical report system
Business Application
Addressing security challenges on a global scale 10
3. Biometric authentication as Cloud service Outsourcing of Storage & Comparison to The Third Party model in ITU‐T X 1086
Outsourcing of Storage & Comparison to The Third Party model in ITU‐T X.1086
End user
Application Service Provider
SSL
・Ease use
Application
Server
Authentication Service Provider
Biometric
Bi
ti
Authentication
Server
Cloud Center
SSL
・Low cost and Speedy start
for secure authentication
・Applied the cancelable biometrics
for secure operation
Cancelable biometrics
Client
Advantage 1:
Biometric feature protection
Biometrics Authentication Server
Sensor
Comparison
Enc Trans
Secret parameter
OK/NG
Send
Comparable to remain encrypted feature
Advantage
Ad
t
2
2:
Cancelable
Biometric Authentication Server
Old parameter
Client
Old template
Update
Update
Difference
calculation
Difference value
New parameter
Geneva, 6‐7 December 2010
New template
Update
Updatable to remain encrypted feature
Addressing security challenges on a global scale 11
Summary



ITU‐T SG 17 Question 9 is standardizing for secure biometrics authentication on telecommunication
There are various telecomm. application using h
l
l
Telebiometrics technologies for convenient and secure authentication
This presentation have introduced Telebiometrics Recommendations and 3 Telebiometrics applications in
Recommendations, and 3 Telebiometrics applications in Japan
Geneva, 6‐7 December 2010
Addressing security challenges on a global scale 12
Telebiometrics and applications in Japan
Telebiometrics, and applications in Japan
Yoshiaki ISOBE
Hitachi, Ltd., Systems Development Laboratory
Yoshiaki isobe en@hitachi com
Yoshiaki.isobe.en@hitachi.com
Geneva, 6‐7 December 2010
Addressing security challenges on a global scale 13
Download