Georgia Institute of Technology
CS4235: Introduction to Information Security

Analysis of Hardware Controls for Secure Authentication

Karan Asnani, John Bowen, Michael Ellis, Nirav Shah
July 19th, 2006

Table of Contents

Abstract
1. Introduction
2. Smart Cards
    2.1 History
    2.2 Functionality
    2.3 Pros and Cons
    2.4 Future
3. Hardware Tokens
    3.1 History
    3.2 Functionality
        3.2.1 Multi-Factor Authorization
        3.2.2 USB Hardware Tokens
        3.2.3 Authorization Levels
    3.3 Market
    3.4 Pros and Cons
    3.5 Future
4. Biometrics and Face Recognition
    4.1 History
    4.2 Functionality
        4.2.1 Eigenface
        4.2.2 3D Methods
        4.2.3 Weaknesses of Eigenfaces
    4.3 Research and Market
    4.4 Pros and Cons
5. Voice Recognition and Fingerprint Authentication
    5.1 History
    5.2 Functionality
        5.2.1 Fingerprinting
        5.2.2 Voice
    5.3 Market
    5.4 Pros and Cons
    5.5 Future
6. Conclusion
7. Notes
8. Bibliography

Abstract

Although many organizations are placing increasing emphasis on the protection of their data and electronic assets, one often neglected area is the first step in information security – access control. The protection of access to resources is a key deterrent in reducing information loss, and therefore should be given equal importance in an organization’s security policy. Although numerous methods are available for implementing access control, hardware authenticators are quite powerful due to their separation from data itself.
This paper analyzes three major types of hardware controls for authentication – smart cards, hardware tokens, and biometrics, where specific attention is paid to face recognition, fingerprint scanning, and voice recognition. Each of the technologies is discussed in detail along with a weighted analysis of their associated pros and cons, and an attempt is made to determine the future path each industry may take relative to its current position.

1. Introduction

Information security is a rapidly growing field that is finally beginning to gain the attention it deserves from private industry. Business managers are recognizing that attacks on their organization’s data and computing infrastructure can have a direct impact on the bottom line, and spending on protection of electronic resources is well worth the investment involved. However, most of the research and investment in this field tends to concentrate on the protection of data when a user already has access to a system, or protecting against invaders over a network. In non-governmental organizations, the risk of attack via physical break-ins is often overlooked in the name of a trusting “open-door” policy, or the initial prohibitive cost of setting up access control systems. This leaves an organization exposed not only to outside threats but to inside threats as well, since it is widely accepted that insiders account for about 60% of all information security attacks.

When looking at the three major information security principles of Confidentiality, Integrity, and Availability, which are all crucial to the maintenance of a secure system, access control is most relevant to the Availability aspect. An ideal access control scheme would provide both authentication and authorization.
The former refers to verifying the digital identity of a user, whereas authorization is the process of checking to see if the user has the necessary privileges to access a particular resource. Therefore, a good access control system needs to both authorize and authenticate users effectively, thus making the right resources available to the right person when they require it, while preventing access to unauthorized users.

This paper discusses and analyzes three separate authenticators: hardware tokens, smart cards, and biometrics; the latter category being further divided into related recognition methods such as face recognition, voice recognition, and fingerprint scanning. Each technology is discussed in terms of its history, an explanation of the technology’s pros and cons is provided, and a prediction is made regarding the future direction that the technology or industry may take. When discussing the potential use of these technologies, an emphasis is placed on their suitability for private organizations, since that is a sector of the economy still lacking in its deployment of access control schemes.

2. Smart Cards

2.1 History

Smart cards have evolved from magnetic stripe plastic cards which commonly function as credit cards, membership cards for loyalty programs, or perhaps most importantly, for the purpose of basic identification. However, data stored on the magnetic stripes of these cards suffers from a major weakness, namely the ease with which the information can be skimmed onto another card by someone possessing the right type of (cheap and readily available) equipment.
Therefore, the use of smart cards is now a much safer option available to organizations implementing access control systems, as they have numerous applications (“What’s so Smart about Smart Cards” 5):

- Protect the privacy of individuals and keep their informational assets safe from hacking
- Restrict access to networks or computer systems, in combination with hardware tokens
- Storage and encryption of sensitive data like certificates or passwords, usually in conjunction with a Public Key Infrastructure (PKI) that involves a certified digital certificate
- Restrict physical access to protected areas

Although smart cards are the youngest member of the plastic card family, and indeed, still have huge scope for growth in their deployment, the technology itself is fairly old. Various inventors in Germany, Japan, and France all applied for patents for plastic cards that could carry microchip technology in the late 1960s and early 1970s (Dhar 2). Since then, smart cards have grown widely in use in Europe, but the technology has not yet fully tapped into its global potential, especially in private industry in the United States.

2.2 Functionality

Before delving into an explanation of smart cards, it is appropriate to first analyze the technology behind the magnetic stripe and why these cards do not offer an appropriate level of security for access control systems. A typical magnetic stripe contains three tracks which are further divided into tiny domains, each being 1/75 of an inch long and magnetized in a particular fashion. The direction of magnetization of each domain represents either a 0 or 1 bit, and thus when the stripe is read, the reader obtains the data from the card in binary form. The use of skimming card readers, or other materials that can alter the polarization of a magnetic domain, means that information on these cards is not secure.
Smart cards are an improvement on simple magnetic-stripe cards because they are essentially cards with very tiny computers in them, containing a microprocessor and memory. The underlying technology behind smart cards is relatively uncomplicated, but information is often not readily available due to manufacturers protecting their business secrets, and so the technical description here is relatively brief. However, numerous variations do exist in the types of smart cards manufactured, and these can be analyzed based on any number of parameters, the key ones being memory and interface.

Memory cards are the simplest and cheapest types of smart cards. They usually contain an area for permanent information, and another area where changing information can be stored. Prepaid phone cards are often considered to be the ideal application for such cards. The permanent information is perhaps the card number, whereas the changing information would be the talk time remaining. However, based on their technical capabilities, microprocessor or chip-based cards are the more appropriate type of smart card for access control in organizations. Chip-based smart cards contain four components:

- Read Only Memory (ROM): An area to store permanent data, usually the Operating System of the smart card. These are called Smart-Card Operating Systems (SCOS) and usually use up to 16 kB of space in the ROM. Many SCOSs are available, notable ones being MultOS, JavaCard, and StarCOS.
- Electrically Erasable Programmable Read Only Memory (EEPROM): An area to store application data and instructions
- Random Access Memory (RAM): Runtime volatile memory used by the processor to run desired functions
- Central Processing Unit (CPU): The heart of the card that performs instructions

These cards are usually more expensive than simple memory cards, but are more appropriate for information-sensitive applications like banking and finance or indeed, access control.[1]

With regard to classification based on interface, each type is fairly self-explanatory. Contact cards contain between six and eight gold-plated contacts that can be inserted into a reader, where physical contact is made, and data is communicated via electrical contact between the card and the card reader.[2] Chip-based contactless cards can simply be passed near a reader in order for a transaction to be performed, making them extremely convenient and easy to use. A radio frequency (RFID) transmission originates from the reader, and information on the cards themselves is read via an antenna which is also part of the reader. Interestingly, this radio frequency transmission is what supplies the energy that the card needs to run its microprocessor. A series of standards govern contactless smart card manufacture, namely ISO 7816-1 through to ISO 7816-7 (Shelfer and Procaccino 86). The technology of contactless cards is in turn governed by two more standards – ISO/IEC 14443, which allows for communications up to 10 cm, and ISO 15693, which is an alternative standard that allows for communications up to 50 cm.
The use of contactless cards also helps to reduce the risk of vandalism to card readers themselves; for example, a card reader at the entrance to a company’s building could be placed low and to the side of the door frame, and can scan the card as the employee passes by with the card in his/her pocket or purse (Security 32). In fact, many banks are jumping upon the contactless card bandwagon due to the numerous retail possibilities it presents, and are trying to meet high consumer demand for increasingly convenient services (Noe). Finally, hybrid cards offer users both possibilities, making them quite flexible and extremely secure.

2.3 Pros and Cons

The first and most obvious benefit of smart cards is that they counter threats to information loss from physical attacks where a potential criminal attempts to gain access to an area or resources that he/she should not be using. Smart cards’ actions are twofold – protecting the actual physical resource itself, and also authenticating the identity of an individual trying to get access to an electronic resource (“Logical Access Security: The Role of Smart Cards in Strong Authentication”). A pervasive and consistent access control system therefore greatly reduces the risk of physical attacks, not just through preventing access when someone attempts to break in, but also as a deterrent to potential criminals. Smart cards can also be combined with other authentication technology, biometrics for example, to provide economic and security advantages through a “two-factor” authentication system, which is described in more detail later in this paper.

Along with the previously described ease of use and convenience of contactless smart cards, another advantage of smart cards is their large capacity.
Smart cards can hold up to 32 kB of data, which means that each card can contain multiple pieces of identification and permissions information for a user. Instead of maintaining separate access methods for different systems, information storage can be centralized, with information pertaining to logical access, physical access, and secure data storage all maintained on the same card. Some smart cards can even perform encryption on the data they contain.

An indirect benefit of a large storage capacity is that smart cards can also be used for multiple functions. This is an approach being taken by the government of the United Arab Emirates as it implements a new national scheme aimed at providing all residents with National ID cards. These are simply multifunctional smart cards which residents can use as their labor identification card, a substitute for a passport, clearing immigration at the airport, and other daily activities. In addition to the relatively large storage capacity, smart cards also offer the capability of on-card data processing through the on-card microprocessor. However, this approach of “placing all your eggs in one basket” does raise a security concern if the card is lost or physically damaged, and that is also an issue that is addressed later in this section.

Smart cards also have a very long lifetime. In fact, unlike contact cards where the contacts may wear out, the life of a contactless smart card is practically unlimited as long as the information stays relevant. The risk of data being erased or altered by malicious use of skimmers or other magnetic devices is also minimized, since credential information is solely on the card, and not actually on a network or in software. Therefore, the life of smart cards goes above and beyond the Principle of Timeliness, which states that data need only be protected for as long as it is valuable.
With smart cards, data can be protected, with no significant increase in cost, well beyond its useful life.

Finally, smart cards are quite secure themselves. Cards can be designed to be multilayered, a process that involves the use of tamper-proof security measures such as innovative color patterns and designs, nano printing of text, and holograms. These are intended to prove the card’s genuineness and make it difficult to forge (Fontanella 1).

As alluded to earlier, a major disadvantage of using smart cards is the security risk associated with the card being lost, stolen, or physically damaged due to misuse or natural elements like rain. The risk of data loss is magnified if a multifactor authentication scheme is not used. However, a solution to this problem can be fairly simple to implement, and is similar to the scheme used by banks for credit cards. If the card is lost, the owner can call his/her own company’s Information Technology or Security department and notify them that the card should be disabled, with all future use being potentially fraudulent. Having the company itself maintain a centralized system may be cost-ineffective, but it does reduce the risk of information having to be shared with a third party organization, and allows a company to tailor its access control system to meet its own specific needs. Unlike a suggested British national ID card scheme, allowing each company to set up its own database would also mean there are no problems with having to accredit various organizations to give them access to a central database (Hilley 10).

The other major disadvantage, and arguably the one that may play the biggest part in the lack of widespread deployment of smart card technology thus far, is the high initial capital expenditure involved.
When implementing a hardware-based access control system, a company will need to purchase cards for each of its employees, install the hardware needed to read the cards, and also set up databases and associated systems required for the entire project. Other costs involved are protection of information in the databases, protecting the transmission of information between a smart card and its reader, and implementing strong training schemes and security policies for employees (which should be in place anyway). These costs are typically unavoidable because they are associated with crucial components of any access control system. However, innovative schemes do exist that can simplify the cost and administrative issues associated with installing an access control system. For example, Liaw, Lin, and Wu suggest a scheme of remote authentication that does not require a dictionary of verification tables to authenticate users, does not require timestamps, and promises a low communication and computational cost (223-8).

A third major disadvantage arises from the issue of a lack of human trust, and the risk of reduced productivity if employees constantly require authorization before accessing their own computer or other physical resources. The latter can be minimized with the use of contactless cards, but the main issue here is the urgent need for management to realize the importance of good physical security. As cynical as it may sound, a lack of trust is perhaps the soundest way to protect an organization’s information, and often some compromises have to be made on an emotional level if a company’s reputation and profits are to be protected.

2.4 Future

The future of smart cards is still wide open.
With regard to research in the field, advances are continually being made on innovative methods to protect the cards themselves, and improving the processing and storage capabilities of the cards. Many researchers are also seeking to tackle the cost issue by proposing schemes that can reduce the expenditure of setting up a hardware-based access control system. Perhaps more research could be aimed at tackling the issue of disabling a smart card that is reported lost or stolen; despite being an idea put forward in this paper, current research in the field seems to be lacking in this area. In addition, the legal and privacy issues associated with smart card based access control systems are always a concern.

Research by the Smart Card Forum in 1999 showed that U.S. smart card shipments were expected to grow at a rate of 60% between 1998 and 2003. Sumit Dhar also points out that the “smart card market is set for exponential growth in the next few years” (8). Undoubtedly, the market will move towards more sophisticated on-card technology, and further exploitation of the multifunctional abilities of smart cards.

In conclusion, relatively few organizations outside of the Federal sector are actually using smart cards for the purpose of authenticating identity (Everett 22). Therefore, tremendous potential for growth still exists, especially if the multifunctional capability of smart cards is fully exploited. It is therefore up to private firms to also realize that protection against physical attacks is just as important as protecting their network, and smart cards are one of the most effective technologies available to provide this physical security, especially when combined with other hardware controls like hardware tokens or biometrics.

3. Hardware Tokens

As today's enterprises and individuals participate in an increasing amount of mobile activity, a dynamic technology is needed to keep applications secure, while making technological freedom a reality. This freedom comes in the form of an authenticator known as a hardware token. Today's tokens vary wildly in terms of size and advanced specifications, but they all have the same goal: to safeguard authentication while allowing for dynamic security.

3.1 History

Hardware tokens were created as a way to limit access to confidential or protected information. They are portable devices which allow a user to access this protected information. In essence, a hardware token could be anything as simple as a key to one's front door. The modern hardware token analyzed in this paper is somewhat more complex, but it provides much of the same functionality: using something a user possesses to authenticate their identity.

The earliest form of the modern hardware token evolved in the 1970s. Originally called "dongles," these devices used hardware to connect to a computer and allow access to software (Elsom 3). Many of the first dongles connected to parallel or serial ports to block the flow of data (essentially to protect from information being copied). Today hardware tokens are still used to restrict access to applications; however, they are now almost always defined by a changing (dynamic) pass code to aid in security.

3.2 Functionality

Hardware tokens take a variety of shapes and sizes, from calculator-like cards to small shells that can be hooked to key chains. Hardware tokens typically have an LED (Light-Emitting Diode) display which contains a special code the user enters into a system for authentication.[3] Depending on the particular token being used, the code will change after a set period of time or after some event takes place.
For time-changing hardware tokens, the code is usually updated within a period of 60 seconds or less.[4] The hardware token and the system the user is trying to access are originally set up to cycle concurrently so that the code on the user's token matches that of the machine. For algorithms which are not time-based, examples of code-changing events are insertion into a drive (as with the USB-1 Token from CRYPTOCard) or the press of a button located on a token (as with the KT-1 Key Chain from CRYPTOCard).[5]

Because the password on hardware tokens can never be used again, it is sometimes called a one-time password, or OTP (Pfleeger 220). One-time passwords offer excellent security. These special passwords prevent "shoulder surfing," the act of watching somebody type a password in order to gain access to a system.

3.2.1 Multi-Factor Authorization

In addition to the special dynamic code, most often a static code known to a user is also used to provide a new dimension to the token's security. This static code is generally entered before the dynamic code into an authentication system (via keyboard) in the following way:

STATICDYNAMIC

One way to group authenticators is to label them as knowledge-based (something known to a user such as a password/PIN sometimes used with a smart card), object-based (something a user possesses such as smart cards or tokens) or ID-based (using a unique feature in biometrics) authentication. A policy of using two or more forms of authentication is called “multifactor authentication” (O’Gorman 2024). The combination of static code and dynamic code is a form of multifactor authentication and "this example of token plus password constitutes the vast majority of current multifactor implementations" (O'Gorman 2025).
O'Gorman goes on to explain that this multifactor authentication implementation combines something a user has (an object-based authenticator) with something a user knows (a knowledge-based authenticator) and is commonly called two-factor authorization.[6]

3.2.2 USB Hardware Tokens

Some hardware tokens have now merged with Universal Serial Bus (USB) storage devices. They also contain a dynamic security code to be entered by the user for access to a system if a company desires this option. Additionally, the extra storage capacity a USB drive offers allows a user to save documents on the drive by means of encryption using a public key infrastructure (PKI). In other words, as a user loads a document to the USB drive it is encrypted using public key cryptography. The decryption takes place automatically when the user enters a memorized personal identification number. This leads one to question the existence of the encryption in the first place: if the PIN is all that is necessary to decrypt, why not just use the PIN to protect the data? The answer is to fend off any intruder who could somehow extract the data from the USB drive without having to authenticate on an outside computer. There are also tamper-proof USB keys to keep an unauthorized user from extracting data. Also, because of the extra space associated with USB keys, they may also allow for digital signing.[7]

3.2.3 Authorization Levels

Authentication options vary among token vendors and also change based on the needs of the client. Most of the time users just type in their dynamic and static codes along with a username into authentication software in order to gain access to information (as described above). Some USB keys just require the user to plug the key into a system to allow access. The level of access which is granted also varies among vendors and clients.
For some secure systems, a token may be necessary to access any information on a computer. Some authentication software only restricts access to the internet or perhaps a certain server.

3.3 Market

The largest single producer of hardware tokens is RSA Security. Their product, SecurID, is used by the "White House, the U.S. Senate, NSA, CIA, The U.S. Department of Defense, and a majority of the Fortune 100 companies" (Biryukov 130). Originally, according to Biryukov, Lano, and Preneel, the SecurID hash function used the "secret key, unique to one single authenticator, and the current time (expressed in seconds since 1986)" to produce its secret key (Biryukov 131). The algorithm was breakable and RSA has now moved to an AES-based algorithm. Typically the code-producing algorithms of vendors are kept secret, making technical information and statistics of the actual security technology hard to come by.

RSA makes three distinctions among its OTP products. They offer a plain OTP generator, a USB key which has the ability to encrypt documents stored on it, and a key which will combine a user PIN with an OTP generator all on the token. These three different versions are a good representation of the vast majority of hardware tokens on the market.

VeriSign (and its original equipment manufacturer Aladdin Knowledge Systems) are active participants in the field of hardware authenticators as well. VeriSign offers similar products to RSA Security; however, they also have an event-based password generating token. VeriSign uses the OATH (The Initiative for Open Authentication) standard for authentication. OATH is a consortium of technology companies that have a goal to standardize authentication technology to be used across commerce and government networks.
OATH seeks to "deliver solutions that allow for strong authentication of all users on all devices, across all networks" (OpenAuthentication Vision). It seems profit margins could ultimately be the bottom line for this group and not security, as the official website states a goal to "reduce the cost and complexity of strong authentication to drive broad enterprise and consumer adoption." More consumer adoption may mean better business over better security.

There are many other companies in competition with RSA. VASCO is a company which has been targeting an international audience as well as financial institutions. Companies look to VASCO for a cheaper token: VASCO's "tokens cost about $8 each, vs. $20 or more for RSA tokens" (Swartz). Many institutions are holding out until a price war begins to heat up. For banks, spending $8 per customer is a huge ordeal given a large customer base. As more and more companies such as VASCO evolve to compete with the larger companies, cheaper alternatives become a reality.

3.4 Pros and Cons

There are many advantages to using hardware tokens. One big advantage is the one-time password (OTP), which prevents shoulder-surfing and guessing. The biggest advantage, however, is the common two-factor authentication: combining a password and the pseudorandom pass code generated. This way, even if the token is stolen, it is virtually unusable. Additionally, if a token is stolen, the user will know. While many times an intrusion is tough to detect over a network, it is quite obvious when a token is missing. In this case, a disconnect between a token and an authentication server needs to be made.

Modern hardware tokens also allow for increased mobility. Research and confidential data that could once be accessed only within labs can now be accessed from a user's home, or even in another country.
For example, to gain access to a Virtual Private Network, all one needs is their token and PIN. This information can be entered into a security application or interface on a computer and then sent to an authentication server. If the user possessed the correct credential, the user is then granted access. The added security of a hardware token enables this foreign access, which should never be provided with single-factor authentication.

Hardware tokens are far from perfect. If the problem is not the user remembering his/her PIN, it is the user remembering the token itself! If a user just lost their keys, they may have lost their hardware token as well. Also, a user may be tempted to write down their PIN so as not to forget it. This basically negates the two-factor authentication: as long as somebody has the hardware token, access to the system/portal and the PIN, they can be granted authentication.

Additionally, hardware tokens can cost users time. They are great for commercial enterprises, research, and government organizations; however, they have not been accepted for widespread consumer use. Banks are hesitant to ask for another form of identification for transactions besides a PIN because it is an inconvenience (taking more time for a single transaction). Customers who don't like the inconvenience may even decide to leave the bank.

Additionally, hardware tokens are currently expensive. For a major financial institution, the cost to deliver hardware tokens to its customers would be millions (if not billions over time). Similarly to smart cards, setup of a hardware token security scheme is rather expensive. This added expense is scaring companies away from incorporating better security into their business plans. Most companies choose not to upgrade their current security until it becomes problematic.
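The event-based OATH token of section 3.3 and the PIN-plus-pass-code check of section 3.4, sketched as an added example that is not code from the paper or from any vendor. It assumes the token implements HOTP (RFC 4226), OATH's published event-based algorithm; `TokenRecord`, `verify_login`, the look-ahead window and the lockout limit are illustrative choices, and the key is the RFC 4226 test key with a constructed PIN and salt.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def time_code(secret: bytes, unix_time: int, step: int = 30) -> str:
    """Time-based variant (as in RFC 6238, not SecurID's proprietary function):
    the counter is simply the number of elapsed time steps."""
    return hotp(secret, unix_time // step)


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # The server stores a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class TokenRecord:
    """Server-side state for one issued token (hypothetical structure)."""

    def __init__(self, secret: bytes, pin: str, salt: bytes):
        self.secret = secret
        self.salt = salt
        self.pin_hash = _pin_hash(pin, salt)
        self.counter = 0      # next counter value the server expects
        self.failures = 0     # consecutive failed attempts
        self.revoked = False  # set when the user reports the token missing


def verify_login(record, pin, code, window=3, max_failures=5) -> bool:
    """Accept only if BOTH factors check out: the PIN and a fresh pass code."""
    if record.revoked or record.failures >= max_failures:
        return False
    pin_ok = hmac.compare_digest(_pin_hash(pin, record.salt), record.pin_hash)
    matched = None
    # Look ahead a few counters: the button may have been pressed without a login.
    for c in range(record.counter, record.counter + window + 1):
        if hmac.compare_digest(hotp(record.secret, c).encode(), code.encode()):
            matched = c
    if pin_ok and matched is not None:
        record.counter = matched + 1  # this code and every earlier one are now dead
        record.failures = 0
        return True
    record.failures += 1
    return False


if __name__ == "__main__":
    key = b"12345678901234567890"  # RFC 4226 test key
    rec = TokenRecord(key, "4921", b"constructed-salt")
    print("first login      :", verify_login(rec, "4921", hotp(key, 0)))
    print("replayed code    :", verify_login(rec, "4921", hotp(key, 0)))
    print("stolen, wrong PIN:", verify_login(rec, "0000", hotp(key, 1)))
    rec.revoked = True
    print("after revocation :", verify_login(rec, "4921", hotp(key, 1)))
```

A shoulder-surfed code is useless because the counter has already moved past it, and a stolen token alone fails the PIN check; revoking the record is the "disconnect" between token and server described above.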
3.5 Future

As radio-signal based technology Bluetooth becomes more common in mobile devices, there may be a move away from random password generators. With a Bluetooth token, a user could have access to a machine by taking the token within 10 meters of the machine.[8] The radio-signal's “Zero-Interaction Authentication,” or ZIA, adds to convenience but has many of the same limitations as a password-generating token (Abdelhameed 200). Bluetooth has encouraging money-saving possibilities. Instead of issuing a new token, it is now possible to program a token into a PDA or cell phone to enable authentication.

Recently Bank of America has announced a deal with VeriSign in which "select online users are issued token devices, electronic gadgets that generate one-time passwords" for online transactions (Schnieder 1). Hardware tokens are on the verge of hitting the consumer market; however, even Bank of America's policy is voluntary. It could take several years before hardware tokens become accepted by consumers and private institutions make widespread policy changes to include this form of two-factor authentication.

4. Biometrics and Face Recognition

Identification before the days of hardware methodologies and even before passwords was a matter of human instinct, based simply on the appearance of an individual: his face, build, and other physical attributes. These characteristics assist in defining an individual’s identity, and even today, they are pivotal in much of societal interaction. It is no surprise, then, that security professionals now employ these features in the context of access control. This field is known as biometrics.
In particular, face recognition in security has recently received much attention, some of which is evidenced by the rise of face recognition conferences such as AFGR (IEEE International Conference on Automatic Face Gesture Recognition) and AVBPA (Conference on Audio- and Video-based Biometric Person Authentication) as well as “empirical evaluations of face recognition techniques” (Zhao 1). This technology provides means of personal identification and verification within some degree of certainty, and face recognition plays a unique role in security surveillance. Understanding the full implications of face recognition in the security (and access control) arena requires some knowledge of the history, technologies and techniques, testing and standards, research, and markets of the two individual fields.

4.1 History

Face recognition has obviously been practiced by security personnel for some time, but automated face recognition is a relatively new concept (National Science and Technology Council: Subcommittee on Biometrics npa). The very nature of face recognition makes it useful in some unique ways and at the same time difficult to implement; these two themes become apparent early in the history of face recognition, and it is this history that one should first realize.

During the 1960s, Woody Bledsoe, Helen Chan Wolf, and Charles Bisson developed the first semi-automated (computerized) system for face recognition. This early system required an administrator to locate facial features such as eyes, ears, and nose on a photograph, which were then used to calculate distances and ratios to a common reference point. These data were then compared to reference data by the computer for recognition, thereby identifying an individual within some degree of certainty.
Unfortunately, some difficulties arose concerning the orientation of the individual’s face—difficulties that still persist. According to Bledsoe, “...the correlation is very low between two pictures of the same person with two different head rotations” (Scheentra 891). Each set of data, then, must be normalized to represent the face in a frontal orientation.

Later, in the 1970s, Goldstein, Harmon, and Lesk utilized characteristics such as hair color and lip thickness to aid in automation, but the real breakthrough came in 1988 when Kirby and Sirovich applied “principle component analysis” (a technique of linear algebra) to the face recognition problem. This showed that “less than one hundred values were required to accurately code a suitably aligned and normalized face image” and became known as the “eigenface technique”. In 1991, Turk and Pentland extended this technique by realizing that residual error could be used to detect the faces in images, further automating the face recognition process and creating significant interest in further development of the technology (National Science and Technology Council: Subcommittee on Biometrics npa).

Furthermore, much interest in face recognition stems from the fact that, according to “Face Recognition: A Literature Survey,”

“Although extremely reliable methods of biometric personal identification exist, e.g., fingerprint analysis and retinal or iris scans, these methods rely on the cooperation of the participants, whereas a personal identification system based on analysis of frontal or profile images of the face is often effective without [italics added] the participant’s cooperation or knowledge.” (Zhao 1)

In other words, because faces can be captured from far away, no physical contact is required for face recognition.
As a result, face recognition has applications in security surveillance (identification) as well as verification problems (and thus access control). In identification problems, the input to the system is an unknown face, and the system attempts to determine an identity from a database of known individuals, but in verification problems, the system attempts to confirm or reject the claimed identity of the input face (Zhao 1).

4.2 Functionality

Regardless of specific application, implementing face recognition can be summarized in five steps. The first step is acquiring an image of the face, which can be accomplished using anything from an existing photograph to a snapshot from a live camera. Second, the location of the face must be detected, whether in a crowd or in front of a standard background. Third, the face must be analyzed using one or more of a variety of algorithms. Fourth, the data gathered must be compared to some reference (e.g., an individual face or a database of known faces). Finally, the results of the comparison must be analyzed to determine whether or not an accurate match exists (Woodware npa).

Some particular algorithms include the aforementioned eigenface method as well as fisherface, the Hidden Markov model, the “neuronal motivated” Dynamic Link Matching, elastic bunch graph matching (EBGM), and more recently, three-dimensional face recognition. The eigenface, or Principal Component Analysis, method, because of its widespread application, is worthy of further discussion. Three-dimensional recognition is also worthy of further discussion because of its future potential.
4.2.1 Eigenface

The eigenface technique (a linear algebra-based technique) corresponds to “one of the most successful methodologies for the computational recognition of faces in digital images.” In fact, it is the basis for a number of variations known as eigenspace-based approaches, which differ in the kind of projection method, the projection algorithm, the use of simple or differential images before/after projection, and the similarity matching criterion. The starting point for the use of any eigenspace-based method is realizing that the amount of data carried in an image is much greater than what is needed to describe a face, since “faces are similar in appearance and contain significant statistical regularities”. This approach works by first projecting input faces onto a dimensionally reduced space where recognition is carried out.

As previously stated, Sirovich and Kirby used PCA (principal component analysis) to derive a reduced representation of face images. According to Javier Ruiz-del-Solar, PCA is a general method for identifying the linear directions in which a set of [data-containing] vectors are best represented in a least-squares sense, allowing a dimensional reduction by choosing the directions of largest variance (Navarrete 820). In terms of representing a face, PCA reduces the dimensions of facial data by means of data compression basics, revealing the most effective low dimensional structure of facial patterns (National Science and Technology Council: Subcommittee on Biometrics npa). The term “eigenfaces” comes from the fact that the face structure is decomposed into orthogonal components (eigenfaces), similar to the standard linear algebra technique of eigenvector reduction. In more mathematical terms, PCA determines the orthogonal projection that maximizes the determinant of the total scatter matrix of the projected sample images (Cohn 7-8).
A face image is then represented as a weighted sum of the eigenfaces.[9] As a final step in the recognition process, the input image is compared to a reference image by measuring the distance between the respective weighted sums of eigenfaces (National Science and Technology Council: Subcommittee on Biometrics npa). Close mathematical matches are considered facial matches.

4.2.2 3D Methods

3D face recognition is a much newer field within face recognition, but holds much promise. Three-dimensional technology captures facial images using a number of cameras placed around an individual’s face (Greenemeier npa). 3D models hold more information than 2D models, and this information can be used for face recognition or subject discrimination (verification). Mavridis designed the original approach to 3D facial models, which was very similar to eigenfaces for two dimensions, but others have since extended this approach to take advantage of Gaussian curvatures. However, according to “A Survey of 3D Face Recognition Methods,” 2D face recognition seems to outperform 3D face recognition methods, but it is expected that this will change in the near future (Scheentra 891).

4.2.3 Weaknesses of Eigenfaces

Six specific difficulties outlined in “Quo vadis Face Recognition” hinder the algorithms described above and are all functions of face image acquisition and individual differences in subjects.

1. Viewing angle affects the appearance of the face because of projective deformation (stretching, etc. of different parts of the face) and self-occlusion and dis-occlusion of parts of the face.
2. Illumination can accentuate or diminish certain facial features.
3. Expressions of emotion and “paralinguistic communication” can cause large variations in facial appearance.
4. Objects in the scene or on the face may obscure the face.
5. Faces change over time, whether in response to aging or fashion. However, it is the same individual behind the face.
6. Other individual factors such as sensitivity to gender or ethnicity may affect the output of the algorithm. (Cohn 2-3)

It should be noted, though, that over the last few years, face recognition algorithms such as eigenfaces have been improved and tested on less than perfect images (Scheentra 891).

4.2.4 Testing & Standards

With the rise of these face recognition applications, the government has responded by establishing two major entities to encourage and test face recognition technology: FERET and FRVT. A number of standards have appeared as well.

The Department of Defense, for one, sponsored the Face Recognition Technology (FERET) program, which began in 1993. The FERET program comprised three major elements. First, it sponsored research for promoting recognition algorithms from theory to application. Second, it collected and distributed the FERET database of facial images, which is used as a standard for testing algorithms. Finally, and most importantly, FERET performed evaluations that compared the abilities of face recognition algorithms (FERET).

FRVT, the Face Recognition Vendor Test, specifically targets commercial systems. Its primary goal is “to measure progress of prototype systems/algorithms and commercial face recognition systems…” Participating agencies include the FBI, NIST, and DHS (Face Recognition Vendor Test 2006 - Introduction). One may now question the accuracy of the face recognition, especially in the context of verification since it applies directly to access control. In response, FRVT 2002 has verification performance data for the top three face recognition companies tested.[10] Surprisingly, for a desired “false alarm rate” of 0.1%, the average verification rate was only near 80% (Phillips npa).
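The eigenface comparison of section 4.2.1 and the verification trade-off that FRVT measures, as an added example that is not code from the paper or from any vendor: a pure-Python PCA by power iteration reduces constructed 4x4 images to two weights, and a distance threshold decides verification. The images, names, thresholds and helper functions are illustrative assumptions; the side-lit probes stand in for the illumination weakness listed in 4.2.3.

```python
import math

SIZE = 4  # constructed 4x4 grayscale "images", flattened row by row to 16 pixels


def make_face(lr, tb, tex, side_light=0):
    """Constructed sample: left/right contrast, top/bottom contrast, fine texture."""
    pixels = []
    for r in range(SIZE):
        for c in range(SIZE):
            v = 128 + lr * (1 if c < 2 else -1) + tb * (1 if r < 2 else -1)
            v += tex * (-1) ** (r + c)
            if c < 2:
                v += side_light  # extra illumination on the left half only
            pixels.append(float(v))
    return pixels


GALLERY = {  # one enrolled reference image per (constructed) identity
    "alice": make_face(20, 10, 2),
    "bob": make_face(20, -10, -2),
    "carol": make_face(-20, 10, -2),
    "dave": make_face(-20, -10, 2),
}


def dot(x, y):
    return sum(p * q for p, q in zip(x, y))


def train_eigenfaces(images, k, iterations=200):
    """Return (mean face, up to k orthonormal eigenfaces of largest variance)."""
    n, d = len(images), len(images[0])
    mean = [sum(img[i] for img in images) / n for i in range(d)]
    centered = [[p - m for p, m in zip(img, mean)] for img in images]

    def scatter_times(v):
        # (1/n) * sum_i x_i (x_i . v): the total scatter matrix applied to v
        out = [0.0] * d
        for x in centered:
            s = dot(x, v) / n
            out = [o + s * xi for o, xi in zip(out, x)]
        return out

    basis = []
    for _ in range(k):
        v = [1.0 / (i + 1) for i in range(d)]  # fixed start keeps the run deterministic
        for _ in range(iterations):
            v = scatter_times(v)
            for e in basis:  # stay orthogonal to the eigenfaces already found
                proj = dot(v, e)
                v = [p - proj * q for p, q in zip(v, e)]
            norm = math.sqrt(dot(v, v))
            if norm < 1e-9:  # no variance left in the training set
                return mean, basis
            v = [p / norm for p in v]
        basis.append(v)
    return mean, basis


def project(image, mean, basis):
    """Weights of the image in the weighted sum of eigenfaces."""
    centered = [p - m for p, m in zip(image, mean)]
    return [dot(centered, e) for e in basis]


def enroll(gallery, k=2):
    mean, basis = train_eigenfaces(list(gallery.values()), k)
    templates = {name: project(img, mean, basis) for name, img in gallery.items()}
    return mean, basis, templates


def verify_face(model, probe, claimed, threshold):
    """Verification: accept the claimed identity if the weight distance is small."""
    mean, basis, templates = model
    weights = project(probe, mean, basis)
    d = math.sqrt(sum((a - b) ** 2 for a, b in zip(weights, templates[claimed])))
    return d <= threshold, d


if __name__ == "__main__":
    model = enroll(GALLERY)
    probes = {"alice, mild side light": make_face(20, 10, 2, side_light=6),
              "alice, strong side light": make_face(20, 10, 2, side_light=20),
              "bob claiming to be alice": GALLERY["bob"]}
    for threshold in (25, 85):
        for label, probe in probes.items():
            ok, d = verify_face(model, probe, "alice", threshold)
            print(f"threshold {threshold:>2}: {label:<26} d={d:6.1f} accepted={ok}")
```

With the tight threshold the impostor is rejected but so is the genuine user under strong side lighting; loosening it far enough to admit her also admits the impostor, which is the false-alarm versus verification-rate trade-off in miniature.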
While a number of standards for biometrics in general exist, INCITS M1 and ISO SC37 Face Recognition Data Interchange Format specifically target face recognition. These “[ensure] that enrolled images will meet a quality standard needed for both automated face recognition and human inspection of facial images; [facilitate] the use of face information in applications that have limited storage…and [allow] interoperability among facial recognition vendors” (Identix - Standards). In addition, it should be noted that in October of 2004, the U.S. Department of Homeland Security adopted its first biometric face recognition standard. This standard is used in applications such as travel documents, specifying definitions of photographic properties for the purposes of “computer automated face recognition” (“Department of Homeland Security Adopts Facial Recognition Standard”).

4.3 Research and Market

With face recognition receiving both government support and commercial interest, it is no surprise that researchers and vendors alike seek to further face recognition technology. While improving the accuracy of recognition algorithms is obviously one major goal of current research, “significant research efforts have [also] been focused on video-based face modeling, processing, and recognition” (Zhao 2). A large number of research groups exist in the U.S. alone. For example: Advanced Multimedia Processing Lab, Carnegie Mellon University; Center for Automation Research, University of Maryland; Face Perception and Research Laboratories, University of Texas at Dallas; Perceptual Science Laboratory, University of California – Santa Cruz (Face Recognition Homepage – Research Groups).
Accordingly, in 2005, “Q-Tel, a CIA-backed venture group…disclosed about $6 million in investments in A4Vision Inc., a provider of 3-D facial-scanning and -recognition software and equipment.” Also, since the beginning of 2005, the French Civil Aviation Authority has employed A4Vision’s 3-D recognition systems in the Lyon airport to create security badges for pilots, mechanics, and other employees to access the highly secure tarmac. There have been only a few incidents in which the system failed to meet expectations (Greenemeier npa). One other popular 2D face recognition vendor is Identix, Inc., which is named in FRVT as one of the most reliable face recognition software companies. Identix software was used at Super Bowl XXXV to search for potential criminals and terrorists.

It is obvious that, despite the weaknesses of face recognition technology, advances driven by research and growing commercial availability could in fact make face recognition a viable security feature within businesses. One can perhaps expect the aforementioned large-scale implementations of the technology to trickle into the smaller private market. Further, coupling face recognition technology with other security measures (multifactor authentication) may provide greater levels of security. For example, some research into embedding a face image as a watermark into iris images allows for establishing the authenticity of the iris and user in iris recognition (another biometric technology). This scheme resists “malicious manipulations of an iris image” during the iris pattern matching process (Ji 1).

4.4 Pros and Cons

Despite the rise of face recognition technology, it is somewhat tarnished by its deficiencies. Even the more accurate 3D recognition still faces a number of hurdles, especially in the context of verification (Greenemeier npa).
According to Stan Li, the challenges—many of which were mentioned previously—come “from high nonconvexity of face manifolds [mathematical projections of the face], in the image space, under variations in lighting, pose, and so on”. In layman’s terms, face recognition involves just too many variables. It is this flexibility, however, that makes face recognition the main route in automated security surveillance while at the same time tempering its use as a means of verification in access control. Still, future research in two directions may provide possible “solutions.” First is the construction of a “‘good’ feature space [the mathematical space onto which face manifolds are projected] in which face manifolds become less complex.” Second is the construction of more capable “classification engines,” which utilize common face attributes to aid in recognition (Li 3). In fact, few studies have tested face recognition in the context of individual differences in subjects regarding ethnicity, etc. (Cohn 1). In light of this information, one may conclude that face recognition is still a future technology.

Furthermore, while surveying information on face recognition, one is likely to encounter the topic of iris recognition, which in fact may be a more accurate alternative to general face recognition. The inventor of this technology, J. Daugman, describes the accuracy in his essay, “High Confidence Visual Recognition of Persons by a Test of Statistical Independence,” offering evidence that in a typical recognition case, the confidence levels of his algorithm correspond formally to a conditional false accept probability of one in about 10^31 (Daugman 1148). This patented and tested technology is thus perhaps the superior option in biometrics in the context of access control.

5. Voice Recognition and Fingerprint Authentication

5.1 History

The process of fingerprinting a person has been around for hundreds, perhaps thousands of years, as handprints have been found impressed in various artifacts, from Chinese and Babylonian tablets, to pre-historic Native American petroglyphs (History of Fingerprinting 4). However, the use of fingerprints to identify a person has comparatively been around for only a short period of time. The idea of using fingerprints as identification was first circulated by Dr. Henry Faulds, who in 1880 was the first scientist to publish a paper mentioning the use of fingerprints for identification. While Faulds wrongfully believed that fingerprints were not unique to each individual, his observation that fingerprints could be used as identification would have far reaching implications. Subsequently, in the 1890s, Sir Francis Galton, a famous British scientist, was the first to put fingerprinting on a scientific basis, as he proved the individuality/permanence of fingerprints through the publishing of dozens of scholarly works, articles, and two major books (History of Fingerprinting 5). Later on, Sir Edward Richard Henry, a British official in India, created a way of classifying fingerprints, called the Henry Classification System, in 1897 after consulting with Galton on the issue. Later on, in the early 20th century, fingerprinting became extremely common, as it became commonly used in law enforcement to catch criminals. Today, fingerprint identification has become more widely used than ever, as the use of the Automated Fingerprint Identification System (AFIS), an electronic database of fingerprints, has caused the use of fingerprint identification to skyrocket (History of Fingerprinting 6).

Voice recognition technology, on the other hand, is a relatively new technology compared to fingerprint identification.
The first attempt at synthesizing speech occurred in 1936, with the innovation of a robot-like machine called Voder that emitted speech. Demonstrated at the World Fair, it sparked interest in voice recognition, as the U.S. Department of Defense funded research in voice recognition in the 1940s, in an attempt to decode enemy messages. However, this turned out to be a failure, as the technology required for such an innovation was ahead of its time. Years later, during the 1970s - 1980s, commercially viable products began to enter the mainstream, as the VIP 100 product from Threshold Technologies began a new wave of voice recognition research/technology. While innovative, the VIP 100 and other products during this time period were very limited, as they could usually only recognize a handful of words and were not very accurate. As personal computers became more and more powerful during the mid-1990s, voice recognition became more advanced, as continuous speech products such as “Naturally Speaking” from Dragon Systems became more and more popular (Zumalt 181). Today, there are many different companies, such as IBM, Dragon Systems, Microsoft, etc., striving to provide high quality voice recognition technology (Weston).

5.2 Functionality

5.2.1 Fingerprinting

Fingerprint authentication is a type of ID-based authentication (uniqueness to one person), as each person’s fingerprint is unique to that individual. There are three main ridge patterns, or types of fingerprints – arches, whorls and loops.[11] Fingerprints usually also have minor patterns or special features, called minutiae, that cause each fingerprint to be unique. Examples of these include ridge endings (points at which a ridge terminates), bifurcations (where a ridge splits into two) and divergences (ridges so small that they appear like dots).
Fingerprint scanners typically differentiate fingerprints first through the ridge patterns (arch, loop, etc.) and then by the various minutia points on each finger, as they characterize each minutia point based upon its orientation, spatial frequency, curvature, and position (Weaver 97). While there are many different ways to scan a fingerprint, two methods dominate – optical scanning and capacitance scanning. Other methods include ultrasonic sensors, electric field scanning, and temperature scanning.

The first is the method of optical finger scanning, in which a digital image of the finger is taken in a process similar to the process that takes place in digital cameras. In an optical scanner, a charge coupled device (CCD) composed of thousands of photosites, or light-sensitive diodes, generates a digital image of the fingerprint, as each photosite in the CCD records a pixel corresponding to the light that hit it (Khuwaja). Because optical scanning relies on light to scan in a fingerprint, it can sometimes read in a bad image, as a dirty finger can result in an improper image or no image at all.

The second method of finger scanning is the process of capacitance scanning, in which a capacitor puts together an image of the fingerprint, similar to the image of an optical scanner. In capacitance scanning, a capacitive sensor uses the property of capacitance to scan in the image of a fingerprint. The sensor is made up of one or more semiconductor chips, each of which contains a collection of cells. In each cell, there are two conductor plates which act as a capacitor, and the finger (to be scanned) acts as the third capacitance plate, as moving the finger closer or further away from the capacitor changes the total capacitance of the capacitor.
Because of this, the capacitance in a valley will have a different capacitance than that of a ridge, as each cell will have a different capacitance. A feedback loop connects the conductor plates to the amplifier, which then outputs the final voltage. Using the voltage output from each cell in the sensor, an image of the fingerprint is put together, as the capacitance in each cell will determine if a valley or ridge is being mapped. One upside to capacitance scanning is that the final image is not subject to distortion or trickery, as it does not require an actual image of the fingerprint in order to form a digital one. Additionally, because a semiconductor chip is much smaller than a CCD, capacitive scanners are much smaller and lightweight.

5.2.2 Voice

Voice recognition technology is also a type of ID-based authentication. While fingerprinting and most other biometrics technologies (iris, facial, etc.) utilize image-based information to process an authentication request, voice, or speech recognition, technology uses acoustic information to process such a request. There are two different types of voice biometrics: speaker verification and speaker identification. In speaker verification, the system confirms the identity of the person he/she claims to be, while in speaker identification, the system finds and assigns an identity to an unidentified person (Markowitz 69). For example, in speaker verification, a person would state his/her name or phrase and wait to be authenticated, while in speaker identification, a person would say anything and wait until the system found his/her identity and confirmed it. There are many parameters which affect the performance of a voice recognition system.[12]

Voice recognition technology involves two main steps: feature extraction and acoustic modeling/classification.
Feature extraction is the process of breaking up audio data into individual windows, called “frames.” The vast majority of speech recognition technology utilizes mel frequency cepstral coefficients (MFCC) to extract the raw data from the acoustic signal. MFCC, also used in various types of speakers around the world, are coefficients used to represent audio features. In the MFCC process, each individual frame is converted into an MFCC, or feature vector. After the entire audio signal is transformed into feature vectors, acoustic modeling/classification is employed in order to actually recognize and translate each individual word. For this, several different models/systems are used, as models such as Dynamic Time Warping, Neural Networks, and the Hidden Markov Model (HMM) translate data into recognizable words.

HMM is the most widely used model in voice recognition technology, as most new voice recognition systems use it to recognize words in speech. It utilizes finite state machines to model words, as it compares feature vectors it receives to mappings it already contains in its system (Rabiner 27). For example, it is similar to that of a person getting directions to a particular place. A person going to location B using a set of directions (take left down Peachtree Street, right on 10th Street, etc.) is analogous to the patterns the system already has, mapping a particular auditory signal to a word. If that person were to follow a friend to location B, the person would then be able to compare his/her memory to the set of directions they received, similar to when a set of feature vectors are sent to the system to determine their meanings.

5.3 Market

While in the past, only a few major companies were able to produce fingerprint scanners due to the amount of research and investment required, today fingerprint scanners have become extremely inexpensive.
In recent years, a host of different companies have started to manufacture fingerprint reading/scanning products. Companies such as Identix Inc., Bioscrypt Inc., and Ultra-Scan Corporation have become industry leaders through finger scanning products such as LiveScan, V-Pass™, and UltraTouch®. Many manufacturers have also begun to combine multiple biometric technologies – for example, Bioscrypt Inc. offers the V-Smart™ reader, which reads both a smart card and a fingerprint at the same time, therefore providing even more security to users.

Voice recognition technology, on the other hand, is only just beginning to take off, resulting in far fewer companies than fingerprint scanning. For example, the field includes huge multinational corporations such as Microsoft and IBM, but also smaller, well established companies such as Nuance and QVoice Inc., which offer speech verification products such as Verifier and VoiceLock.

5.4 Pros and Cons

Since fingerprints are natural and unique to each individual, they have clear advantages over most other authentication technologies, as fingerprint recognition is extremely stable (hard to lose a finger, unlike a password) and also very hard to forge. It is also relatively accurate, as the false match rate (the rate at which a user is misidentified in a database) is in the range of 0.01% - 0.15%, similar to the rate for voice and hand biometrics, and less than the rate for facial biometrics (O’Gorman 2027). Additionally, fingerprint scanners are very easy to use, meaning little training is required to use them. They are also extremely small, use very little power, and in recent years, have become relatively inexpensive.

Conversely, fingerprint recognition cannot be used by everybody – for example, the elderly may have a tough time scanning their fingers in such a small device.
In addition, while scanners are fairly accurate, they are not 100% accurate – for example, dirty, moist fingers can easily cause a false rejection. Lastly, a strong cultural stigma is still connected with fingerprint scanning, as in the past fingerprinting has been associated with criminal behavior.

In contrast to fingerprint scanning, voice recognition technology is an unstable biometric, as the voice can be altered. While it is not as difficult to forge as fingerprint scanning, it is still harder to deceive than other authentication systems, such as smart cards, hardware tokens, etc., since fooling a security system based on the latter simply requires the physical object. As mentioned earlier, speech recognition is fairly accurate, as it is about as accurate as hand or fingerprint biometrics. One major advantage voice recognition has over other authentication technologies is the fact that it needs no extra hardware or training in order to operate, as it can use existing telephone lines. Because of this, it is easier to use and fairly low-cost compared to other authentication technologies. Conversely, voice recognition is subject to background noise and other distortions, which can affect its accuracy by causing false negatives or false positives. Additionally, because human voice is an unstable biometric, the physical state of the voice can also affect the accuracy rate, as old age (the voice changes over time) and sickness can distort the readings and cause a false negative. Also, an attacker could potentially hack into the system by using an advanced recording that imitates the voice of a legitimate user (Markowitz 68).

5.5 Future

Overall, fingerprint scanning stands as a fairly established authentication technology, as its longevity, its uniqueness, and its ease of use have caused it to become widely used across the world today.
While huge growth in the field of fingerprint recognition is not expected because of its relatively old age, fingerprint scanning is projected to grow at a steady pace. Through research and technological gains, a whole new generation of more accurate, lower cost fingerprint scanners is anticipated to flood the market in the near future.

Because of its fairly recent entry into the field of authentication technology, speech recognition is considered to still be in its infancy, as problems such as reading distortions and vulnerabilities plague it. However, it has a bright future ahead of it, as the use of voice recognition in biometrics is expected to rise – especially as technological breakthroughs and greater computational power allow more powerful, accurate, and low-cost voice recognition solutions to be developed. Text-independent (systems that can accept input continuously) speech recognition systems as well as speech systems that use multiple biometric technologies are expected to grow tremendously in the near future (Markowitz 73).

6. Conclusion

As security becomes an increasingly important part of digital systems, the use of hardware controls becomes more pertinent. Systems with confidential military, business, and research information necessitate authentication which is nearly impossible to reproduce. In addition, private sector organizations are also beginning to realize the importance of protecting their seemingly insignificant data, due to the financial damage an information security attack can cause. Smart cards, hardware tokens, and biometrics are all hardware schemes which incorporate something a person possesses (whether it be knowledge, object, or ID-based) in order to strengthen the accuracy of authentication.
Because the technologies used in each of these fields of study are so hard to reproduce or break without possession, they are an excellent standard for the future of authentication.

A smart card allows for quick access to secured areas and electronic resources. Smart cards are relatively cheap and can even store some simple user information. Unfortunately, the smart card does not allow for remote access (or remote access is a bit of a hassle with a mobile card reader).

While the hardware token can take a variety of forms, typically a one-time-password (OTP) is generated, allowing the user access to a system. This authentication is strengthened when this dynamic OTP is combined with a memorized password to create two-factor authorization. An important aspect of hardware tokens is that they can allow access to remote systems. USB tokens allow a user to encrypt files, store certificates, and digitally sign documents. Upcoming technologies including Bluetooth could make authentication even easier.

Biometrics is a field which is constantly becoming more reliable. By analyzing the physical features of an individual, this technology provides a relatively accurate and convenient means of verification. There are, however, a number of external variables that limit the accuracy of biometrics.

It is evident that the more factors of authentication a security system contains, the more secure it is. Ultimately, combining smart cards, hardware tokens, and biometrics for three-factor (knowledge, object and ID) authorization would be ideal, but the level of security provided must be balanced with the weight of the information being protected. Adoption of more secure methods is slow as private sector companies (a) do not have unlimited funding when it comes to security and (b) do not want to inconvenience or alienate their customers and employees.
Security constantly needs to be updated as crackers are able to penetrate the existing security systems of institutions; however, many institutions are reluctant to do so until a breach occurs. The irony is that as usage of hardware authentication increases, research and cheaper technology will become more prevalent. Institutions need to recognize the importance of protecting their electronic assets, and hardware authentication is a powerful, viable solution for this purpose.

7. Notes

1 See Appendix A for a diagram representing the architecture of a chip card.
2 See Appendix A for diagrams illustrating the layout of a contact smart card.
3 See Appendix B for pictures of some popular hardware tokens.
4 All of RSA Security's current products generate a token once every sixty seconds. This includes the SecurID models 200, 600, 700, 800, and 900.
5 Images of KT-1 and USB-1 from CRYPTOCard are available in Appendix B. VeriSign's One-Time Password is also an example of an event triggered token.
6 O'Gorman explains two-factor authentication on page 2024 of Comparing Passwords, Tokens, and Biometrics for User Authentication, and how it applies to hardware tokens on page 2033.
7 The Aladdin Knowledge Systems, VeriSign, and RSA tokens are USB tokens which allow for encryption and digital signing.
8 Ten meters is based off of a class-two Bluetooth signal. Information on range is taken from Bluetooth.com, the official Bluetooth website.
9 See Appendix A for sample eigenfaces (Figure A3, source: National Science and Technology Council: Subcommittee on Biometrics).
10 See Appendix A for FRVT 2002 sample data (Figure A4, source: Phillips).
11 See Appendix A for arch, whorl and loop prints (Figure A5).
12 See Appendix A for the parameters affecting the performance of voice recognition systems (Figure A6).
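The two-factor check summarized in the conclusion and in notes 4 and 6 (a memorized password plus a token code that changes every sixty seconds) can be sketched as follows; this is an added example, not code from the original paper or from any vendor. SecurID's own algorithm is proprietary, so the open HOTP/TOTP construction (RFC 4226 / RFC 6238) stands in for it, and the `Account` class, the drift window and the sample seed are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code, matching the sixty-second interval in note 4
DIGITS = 6
DRIFT = 1    # assumption: accept one step either side for token clock drift


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Hypothetical server-side record: salted password hash plus token seed."""

    def __init__(self, password: str, salt: bytes, seed: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.seed = seed
        self.last_counter = -1   # highest time step already accepted


def verify(account: Account, password: str, code: str, now: float) -> bool:
    """Accept only if both factors check out and the code is not a replay."""
    pw_ok = hmac.compare_digest(
        hash_password(password, account.salt), account.pw_hash)
    current = int(now) // STEP
    matched = None
    for counter in range(current - DRIFT, current + DRIFT + 1):
        # Steps at or before the last accepted one are skipped, so a code
        # seen in transit cannot be used a second time.
        if counter > account.last_counter and hmac.compare_digest(
                hotp(account.seed, counter).encode(), code.encode()):
            matched = counter
    if pw_ok and matched is not None:
        account.last_counter = matched
        return True
    return False
```

The password and the code are both compared in constant time, and the last accepted time step is only advanced when both factors succeed.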
8. Bibliography

Abdelhameed, Rania, Sabira Khatun, Borhanuddin Mohd Ali, and Abdul Rahman Ramli. “Authentication model based Bluetooth-enabled mobile phone.” Journal of Computer Sciences 1.2 (2005): 200-203.
Biryukov, Alex, Joseph Lano and Bart Preneel. “Cryptanalysis of the Alleged SecurID Hash Function.” Lecture Notes in Computer Science 3006 (2004): 130-144.
Cohn, Jeff, Gross, Ralph, and Shi, Jianbo. “Quo vadis Face Recognition?” Third Workshop on Empirical Evaluation Methods in Computer Vision (December, 2001): 1-9.
Cole, Ron. Mariani, H. Uszkoreit, A. Zaenen, and V. Zue. Survey of the state of the art in human language technology. Cambridge: Cambridge University Press, 1997.
Corcoran, David, David Sims, and Bob Hillhouse. “Smart Cards and Biometrics: Your Key to PKI.” Linux Journal 1999:59 1999. ACM Digital Library. Georgia Tech Lib., Atlanta, GA. 16 July 2006.
CRYPTOCard Tokens. CRYPTOCard Secure Password Technologies. 14 July 2006. <http://www.cryptocard.com/index.cfm?PID=377>.
Daugman, John G. “High Confidence Visual Recognition of Persons by a Test of Statistical Independence.” IEEE Transactions on Pattern Analysis and Machine Intelligence 15.11 (November 1993): 1148.
Dhar, Sumit. “Introduction to smart cards” 1-9.
Elsom, S.M. “Protection of Computer Software By Technical Measures.” Software Protection 4.6 (1985): 1-6.
“Delivery of national ID cards starts next week.” Gulf News 10 July 2006. 13 July 2006. <http://archive.gulfnews.com/articles/06/07/10/10052713.html>.
Everett, C. “Smart cards face long wait.” Infosecurity Today May-June 2006: 22-23.
Face Recognition Homepage – Research Groups. Face Recognition Homepage. 10 July 2006. <http://www.face-rec.org/research-groups/>.
Face Recognition Vendor Test 2006 – Introduction. Face Recognition Vendor Test. 10 July 2006. <http://www.frvt.org/FRVT2006/>.
FERET. Face Recognition Homepage. 10 July 2006. <http://www.frvt.org/FERET/default.htm>.
Fontanella, A. “The Layered Look: The Latest Trend in ID Card Security.” Security Info Watch. 21 June 2006. 10 July 2006. <http://www.securityinfowatch.com/article/article.jsp?id=8523&siteSection=306>.
Greenemeier, Larry. “U.S. Pushes For Advances in Facial Recognition.” InformationWeek 14 Mar 2005: npa.
Hilley, Sarah. “Will Government ID schemes help infosecurity managers with their jobs?” Computer Fraud and Security February 2006: 10-12.
History of Fingerprinting. Guardware Systems. Guardware Systems, 2000. 2-11. 16 July 2006 <http://biometrie.online.fr/dossiers/technique/empreintes/History_of_Fingerprinting.pdf#search='history%20of%20fingerprint%20recognition'>.
Identix – Standards. Identix. 13 July 2006. <http://www.identix.com/trends/standards.html>.
Ji, Shen, Fan Kefeng, Mo Wei, Wang Meihua, Zhao Xinhua. “Human Identification technique based on Iris Feature Watermarking.” Chinese Journal of Electronics 15.2 (2006): 251-256.
Khuwaja, Gulzar A. “A Multimodal Biometric Identification System Using Compressed Finger Images” Cybernetics and Systems: An International Journal 37:1 2005: 23-46. Inspec. Georgia Tech Lib., Atlanta, GA. 16 July 2006.
Li, Stan Z. “Face Recognition: Technical Challenges and Research Directions.” Lecture Notes in Computer Science 3338 (2004). 3.
Liaw, Horng-Twu, Jiann-Fu Lin and Wei-Chen Wu. “An efficient and complete remote user authentication scheme using smart cards.” Mathematical and Computer modeling. 44.1-2 (2006): 223-8.
Markowitz, Judith A. “Voice Biometrics.” Communications of the ACM 43:9 2000: 66-73. ACM Digital Library. Georgia Tech Lib., Atlanta, GA. 16 July 2006.
Mathieson, Steven. “Biometrics: what are they good for?” Infosecurity Today 2:1 2005: 2428. Inspec. Georgia Tech Lib., Atlanta, GA. 16 July 2006.
National Science and Technology Council: Subcommittee on Biometrics. Face Recognition. NSTC: Subcommittee on Biometrics. 27 March 2006.
Navarrete, Pablo, and Ruiz-del-Solar, Javier. “Eigenspace-based Face Recognition: A comparative study of different approaches.” IEEE Trans. On Sys., Man. & Cyb C. 16.7 (2005). 817-830.
Noe, Jeffrey. “Contactless cards: The next big thing?” ABA Banking Journal 97.9 (2005): 4246.
O’Gorman, David. “Comparing Passwords, Tokens, and Biometrics for User Authentication.” Proceedings of the IEEE 91:12 2003: 2021-2040. Inspec. Georgia Tech Lib., Atlanta, GA. 16 July 2006.
O’Gorman, Lawrence. “Comparing Passwords, Tokens, and Biometrics for User Authentication.” Proceedings of the IEEE 91.12 (2003): 2021-2040.
Open Authentication Vision. Open Authentication (OATH). 15 July 2006. <http://www.openauthentication.org/vision.asp>.
Pfleeger, Charles, and Shari Pfleeger. Security in Computing Third Edition. Upper Saddle River, NJ: Prentice Hall, 2003.
Phillips, Jonathon P., Grother, Patrick, Michaels, Ross J., Blackburn, Duane M., Tabassi, Elham, and Bone, Mike. Face Recognition Vendor Test 2002. DARPA, National Institute of Standards and Technology, DoD Counterdrug Technology Development Program Office, NAVSEA Crane Division [March 2003].
Rabiner, Lawrence R. “A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition.” Proceedings of the IEEE 77.2 (1989): 257-285. 17 July 2006 <http://www.ece.ucsb.edu/Faculty/Rabiner/ece259/Reprints/tutorial%20on%20hmm%20and%20applications.pdf>.
RSA SecurID Authenticators. RSA Security. 14 July 2006. <http://www.rsasecurity.com/products/securid/datasheets/SID_DS_0606-4pp.pdf>.
Scheentra, Alize, Ruifrok, Arnout, and Veltkamp, Remco C. “A Survey of 3D Face Recognition Models.” Lecture Notes in Computer Science 3546 (2005): 891-899.
Schneider, Ivan. “Bank of America Describes One-Time Password Plans.” Bank Systems + Technology 42.4 (2005): 12.
“Security is in the Cards.” Security. 42.4 (2005): 36-8.
Shelfer, Katherine M. and J. Drew Procaccino. “Smart Card Evolution.” Communications of the ACM 45.7 (2002): 83-88.
Smart Card Alliance, The. “Identity Management Systems, Smart Cards and Privacy.” <http://www.smartcardalliance.org/alliance_activities/publications.cfm>.
Smart Card Alliance, The. “Logical Access Security: The Role of Smart Cards in Strong Authentication.” <http://www.smartcardalliance.org/alliance_activities/publications.cfm>.
Smart Card Alliance, The. “Smart Cards and Biometrics Report.” <http://www.smartcardalliance.org/alliance_activities/publications.cfm>.
Smart Card Forum. “What’s so smart about smart cards?” 1-12.
Swartz, John. “How One Little Fob Could Foil a Cyber Bank Robber.” USA TODAY 2 Nov. 2005.
“The Smart Card Alliance.” The Smart Card Alliance. 17 July 2006. <http://www.smartcardalliance.org>.
Unified Authentication. VeriSign. 15 July 2006. <http://www.verisign.com/productsservices/security-services/unified-authentication/usb-tokens/index.html>.
Weaver, Alfred C. “Biometric Authentication.” IEEE Computer Journal 39:2 2006: 96-97. Inspec. Georgia Tech Lib., Atlanta, GA. 16 July 2006.
Weston, Tom. “Affordances of Voice Recognition.” Dec. 2000. Stanford University. 17 July 2006 <http://florin.stanford.edu/~t361/Fall2000/TWeston/history.html>.
Woodware, John D., Horn, Christopher, Gatune, Julius, and Thomas, Aryn. Biometrics: A Look at Facial Recognition. RAND Public Safety and Justice for the Virginia State Crime Commission [2003].
Zhao, W.Y., Chellappa, R., Rosenfeld, A. and Phillips, P.J. “Face Recognition: A literature Survey.” UMD CAR-TR-948 (2000). 1-17.
Zumalt, Joseph R. “Voice Recognition Technology: Has It Come of Age?” Information Technology and Libraries 24:4 2005: 180-185. Inspec. Georgia Tech Lib., Atlanta, GA. 16 July 2006.