Usable Biometrics Ashley Brooks Usability and Privacy 95-899 Cranor, Reiter, and Hong April 11, 2006 Outline Biometric Basics What is Biometrics? Why use Biometrics? Model of Biometric system Types of Biometrics Evaluating Accuracy User Acceptance Advantages & Disadvantages Biometrics Derived from the Greek words “Bio”: Life “Metric”: to measure Measures and Analyzes characteristics Physiological Behavioral Authentication Authentication 2 major means for authentication Identification Verification Identification vs. Verification Question raised Analysis Uses Biometric Components Types of Biometrics Physiological Fingerprints Face Eyes DNA Behavioral Voice Keystroke Fingerprinting Face Eyes DNA Voice Key Stroke Requires no special hardware Methods are transparent to users increasing user acceptance Can be used for cryptographically stronger secrets for login and encryption Accuracy Usability Metrics Failure to Enroll (FTE) Failure to Acquire (FTA) Performance Metrics False Acceptance Rates (FAR) False Rejection Rates (FRR) Usability Metrics Failure to enroll (FTE) Medicine Intake Hoarseness Sticky fingers Cataract Rare skin diseases Failure to acquire (FTA) Smudged finger prints Retina alignment Mumbling Hand positioning Performance Metrics User Acceptance Socially acceptable Knowledge of technology and computers Acceptance of the concept Usability Security Personal privacy Usability Considerations Familiarity with characteristics Experience with devices Environment of use Transaction Criticality Security Considerations Biometrics are not secrets and are therefore susceptible to modified or spoofed measurements There is no recourse for revoking a compromised identifier Strategic Solutions Liveness testing Multi-biometrics Privacy Considerations A reliable biometric system provides an irrefutable proof of identity Threatens individuals right to anonymity Cultural concerns Religious concerns Violates civil liberties Strategic Solutions Biometric cryptosystems Transparency Advantages Reduces cost within organizations Increases security Competitive advantage Convenience to employees Non-repudiation Eliminates a paper trail Disadvantages Accuracy of Performance Failure to enroll rate Information Abuse May violate privacy Conclusion Biometrics is a technology that can simplify the process of authentication Biometrics can be best used in situations where specific identity or exception identity is desired References Tynan, Dan, “Biometrics: from Reel to Real” www.pcworld.com/resource/printable/article/o,aid,120889,00.asp Yudkowsky, Chaim, “Byte of Success”, http://accounting.smartpros.com/x40536.xml http://perso.wanadoo.fr/fingerchip/biometrics/movies.htm Biometrics http://searchsecurity.techtarget.com/sdefinition/0,,sid14_gci211666,00.h tml International Biometric Group, http://www.biometricgroup.com/reports/public/reports/ Patrick, Andrew S., “Usability and Acceptability of Biometric Security Systems” , Institute for Information Technology National Research Council Biometric Assessment Benefits http://www.axsbiometrics.com/riskans.htm Bioidentification http://www.bromba.com/faq/biofaqe.htm Fact sheet http://www.jrc.cec.eu.int/download/press/20050330_biometrics_fact_sheet.pdf