Identity Authentication Technologies
advertisement
Identity Authentication Technologies An Overview and Comparison 15 September 2014 Catherine Tilton Global Identity Summit – September 2014 Agenda • • • • • • • • • Authentication & authentication technologies Authentication paradigms E-Authentication Multi-factor authentication – combining technologies Federated identity Biometric authentication architectures Security models & mechanisms Issues & considerations (challenges) Related standards – moved to Standards session Global Identity Summit – September 2014 The information security puzzle Non-repudiation Integrity Detection Confidentiality I&A Availability Authorization Identification & Authentication: Verifying the identity of the user Global Identity Summit – September 2014 Access control Logical Access Control • Related to information security (INFOSEC)/ information assurance (IA) space • Involves user authentication and authorization • Controls access to: – Computer systems (workstations, etc.) – Network resources – Software applications – Data • Single sign-on Global Identity Summit – September 2014 Physical Access Control • Related to perimeter security • Involves identification of personnel entering/exiting • Controls access to: – Buildings – Secure areas – Checkpoints/portals • Includes guards, keys, badges, etc. • Throughput time is a key consideration • Integration with existing physical access control systems Identification & Authentication Methods • Something you know – Passwords – PINs – Mother’s maiden name • Something you have – ATM card – Smart card – Token • Something you are – Biometrics Addressing the weakest link Global Identity Summit – September 2014 Authentication v. Authorization • Authentication – Verifying the identity of an individual • Authorization – Convey privileges to an authenticated identity • Authentication is seldom an end in itself • The objective is usually Authorization • A biometric template (like a password) can be associated with an account • Successful authentication may authorize use of (or access to) that account Global Identity Summit – September 2014 Logical access uses Control employee access to sensitive files and applications Biometric Authentication Internet E-commerce or Internet bank customer Global Identity Summit – September 2014 Enterprise Web Server The password dilemma Low Security AND User Inconvenience Global Identity Summit – September 2014 The trouble with passwords • Passwords are easily guessed, stolen, shared, hacked, social engineered • Weak passwords are the norm – Published lists of “Top-10” passwords • When strong passwords are used, they are difficult to remember, so people write them down • Huge administrative cost due to password resets – Estimates range from $50-300/user/year – #1 help desk call • 80% of intrusions are based on password attacks But … passwords are “free” and widely accepted Global Identity Summit – September 2014 Top 25 Passwords for 2013 1. 123456 (Up 1) 2. password (Down 1) 3. 12345678 (Unchanged) 4. qwerty (Up 1) 5. abc123 (Down 1) 6. 123456789 (New) 7. 111111 ( Up 2) 8. 1234567 (Up 5) 9. iloveyou (Up 2) 10. adobe123 (New) 11. 123123 (Up 5) 12. admin (New) 13. 1234567890 (New) 14. letmein (Down 7) 15. photoshop (New) 16. 1234 (New) 17. monkey (Down 11) 18. shadow (Unchanged) 19. sunshine (Down 5) 20. 12345 (New) 21. password1 (up 4) 22. princess (New) 23. azerty (New) 24. trustno1 (Down12) 25. 000000 (New) Source: CBS News: http://www.cbsnews.com/news/the-25-most-common-passwords-of-2013/ Global Identity Summit – September 2014 Well … OK Global Identity Summit – September 2014 Password characteristics • Based on shared secrets • Password strength based on: – – – – – – – – – – Composition Length Lifetime Source Ownership Distribution Storage Entry Transmission Authentication Period See FIPS 112* Global Identity Summit – September 2014 Obligatory cartoon Global Identity Summit – September 2014 Other knowledge based methods • KBA (knowledge based authentication) – tests personal knowledge of the individual against information obtained from public databases – Static or dynamic • Pre-registered knowledge techniques – challenge/security questions • Image recognition methods (including faces) – e.g., selecting pre-registered images from a set on multiple pages • Pattern swipes – popular on some mobile devices • Others? Global Identity Summit – September 2014 Biometrics Global Identity Summit – September 2014 Biometrics overview • What are Biometrics? – automated recognition of individuals based on their biological and behavioural characteristics ISO/IEC 2382-37 • Examples of Biometric Types: - Fingerprint - Facial features - Voice - Signature - Iris - Retina Global Identity Summit – September 2014 - Hand geometry - Facial thermography - Keystroke dynamics - Palm print - Vein patterns - DNA (?) How do biometrics work? Enrollment: Present biometric Capture Process Store No Match Compare Verification: Match Present biometric Capture Global Identity Summit – September 2014 Process Example biometric devices Global Identity Summit – September 2014 Benefits of biometrics • Cannot be forgotten, lost, shared or stolen • Security – Replace vulnerable passwords – Links an event to a real person – Accurate - positive authentication – Protects personal privacy • Convenient - nothing to carry or remember • Non-repudiation - provides positive audit trail of events • Cost Savings - reduces helpdesk support costs for password resets • Compliance - helps comply with legislation and regulations Biometrics link the event to a particular individual, not just to a password or token, which may be used by someone other than the authorized user Global Identity Summit – September 2014 Physical Tokens Global Identity Summit – September 2014 Physical Tokens SafeNet iKey RSA SecureID Privaris PlusID Global Identity Summit – September 2014 Spyrus HSMs iButton Mobil SpeedPass Smartcards (PIC/CAC) Smartcards, RF, and proximity badges • Allow users to authenticate without entering a claimed identity • Variety of effective ranges • Can automatically logoff user • Can bind cardholder to card • Provides multi-factor authentication – Higher level of security Global Identity Summit – September 2014 Smartcards (aka chipcards) • Smartcards v. Memory cards • Contact & contactless – – – – ISO 7816 / ISO 14443 A/B / ISO 15693 Contact mostly used for logical access Contactless mostly used for physical access Hybrid or Dual Interface • Card architectures & operating systems – – – – Javacard Native OS Multos EMV • May include embedded cryptographic functions – FIPS 140-2, Level 2/3 • Typical card today: 8-32 bit, 64-128KB Global Identity Summit – September 2014 Secure microprocessor chip • • • • • • • • • • • An 8 to 32-bit central processing unit (CPU); Read Only Memory (ROM) or flash memory that contains the chip’s operating system and, optionally, application software; Random Access Memory (RAM) that serves as a temporary register for data; Other non-volatile memory that is used for storage of user data (e.g., Electrically Erasable Programmable Read Only Memory (EEPROM), ferroelectric RAM, flash memory); Features that integrate countermeasures against known and foreseen security threats to achieve Common Criteria or FIPS 140-2 certification; Environmental sensors (e.g., voltage, frequency, temperature); At least one serial communication port; A random number generator; Timers; Optional cryptography engine(s) (e.g., providing support for DES, 3DES, AES, RSA, ECC); Optional other dedicated peripherals (e.g., checksum accelerator, Serial Peripheral Interface (SPI) communication port). Source: Government Smart Card Handbook Global Identity Summit – September 2014 Multi-technology smartcard Contactless ICC 125 khz Prox Antenna Magnetic Stripe Organization Name Or Logo Digital Photograph Card Front Bar Code Contact ICC Front Source: Government Smart Card Handbook Global Identity Summit – September 2014 Back Card Back Contactless technology comparison Contactless Technology Comparison Features 14443 15693 125 kHz Standards ISO/IEC 14443 ISO/IEC 7810 ISO/IEC 15693 ISO/IEC 7810 None (de facto) Frequency 13.56 MHz 13.56 MHz 125 kHz Read range Up to10 centimeters (~3-4 inches) Up to 1 meter (~3.3 feet) Up to1 meter (~3.3 feet) Chip types supported Memory Wired logic Secure microcontroller Memory Wired logic Memory Wired logic Encryption and authentication functions MIFARE encryption, DES/3DES, AES, RSA, ECC Supplier-specific, DES/3DES Supplier-specific 64 to 72K bytes 256 and 2K bytes 8 to 256 bytes Read/write ability Read/write Read/write Read only Data transfer rate (Kbytes/second) Up to 106 (ISO) Up to 848 (available) Up to 26.6 Up to 4 Yes Yes Optional Challenge/Response Challenge/Response Password Hybrid card capability Yes Yes Yes Contact interface support Yes No No Storage capacity range Anti-collision Card-to-reader authentication Global Identity Summit – September 2014 Source: Government Smart Card Handbook Conceptual architecture Public Key Certificates Public Key / Biometric Template Certificates Card Certificate/Attribute Authority Workstation Card Personalization System Card Data Cardholder Database Card Printer Central Card Management System Completed Cards Integrated Card Data Video Camera Account Set-up Data Physical Access Control System Biometric Scanner Biometric Scan Digitized Signature Scanner Digitized Photo Integrator Logical Privileges Signature Enrollment Workstation Government Employee Source: Government Smart Card Handbook Global Identity Summit – September 2014 Logical Access Control System Personnel System Card technology comparison Feature with respect to security Comparison of Dynamic versus Static Technology with Relation to Memory and Security 9 On-card biometric 8 Crypto coprocessor 7 Dynamic session key On-card Biometric 6 Data access security Dynamic IC 1. 1D bar code 2. Magnetic stripe 3. 2D bar code 4. Optical stripe 5. Memory chip 6. ICC 7. Java firewalled 8. PKI on-card key generation 9. Biometric matchon-card 5 4 Encrypted data Media authenticity Unique identifier 2 3 Static Storage 1 30b 1k 1.5k 8k 16k 32k 64k Memory Storage of the Medium Source: Government Smart Card Handbook Global Identity Summit – September 2014 2M 4M Cryptography/PKI Global Identity Summit – September 2014 Public key infrastructure (PKI) SENDER RECEIVER Cleartext Cleartext Public Key Private Key Decrypt Encrypt Ciphertext Key Confidentiality Ciphertext Asymmetric keys are used to protect symmetric keys. Global Identity Summit – September 2014 PKI (cont’d) SENDER RECEIVER Cleartext Cleartext Hash Hash Private Key Public Key Verify Sign Signature Signature Non-repudiation Global Identity Summit – September 2014 ? Mutual authentication Authentication Device Host System Generate Random Number RN1 [RN1], RN2 Decrypt received RN1 & compare to original Encrypt RN1, Generate RN2 If matches, device authenticated Encrypt RN2 [RN2] Decrypt received RN2 & compare to original If matches, host authenticated Simple example based on symmetric keys, challenge-response protocol Global Identity Summit – September 2014 TLS Authentication Server Client ClientHello ServerHello Certificate* ServerKeyExchange* CertificateRequest* ServerHelloDone Certificate* ClientKeyExchange CertificateVerify* [ChangeCipherSpec] Finished [ChangeCipherSpec] Finished Application Data Application Data Secure Channel Source: RFC 5246 Global Identity Summit – September 2014 Kerberos (crypto based authentication) Key Distribution Server Client ticket request Generate ticket request Client derives the user's key from the password, decrypts the response packet and verifies the timestamp and service identity. Global Identity Summit – September 2014 Obtains key for the client and service, creates a temporary session key, prepares a response packet containing a ticket encrypted under the service's key, and encrypts the response packet under the client's key. response packet RESPONSE PACKET (Encypted under client's key) Temporary session key Ticket Server identity Timestamp Validity interval TICKET (Encypted under service's secret key) • Temporary session key • Client identity • Timestamp • Client address • Validity interval Kerberos (cont’d) Service Client service request Generate service request SERVICE REQUEST Ticket Authenticator Decrypts the ticket contained in the service request with the services's secret key. The request is considered valid if the client's name and address match in the ticket and authenticator, and the timestamps are accurate. Authenticator (optional) AUTHENTICATOR (Encrypted under session key) Client identity Client address Timestamp Global Identity Summit – September 2014 Proof of Possession • How do you prove possession of a physical token remotely? • This is generally done by either: – Proving the physical token contains a software token/object, such as a cryptographic key • Key possession proved by protocols such as those described – Proving the physical token can generate or receive (at a unique address) a time-bound piece of data • One-time passwords (OTP) • That is why keys, tickets, OTPs, etc. are considered “what you have” factors • NOTE: Higher levels require proof of possession AND control. Global Identity Summit – September 2014 Authentication models Traditional authentication model Biometric authentication Global Identity Summit – September 2014 Authentication models • Two processes – Registration & Authentication • Features of traditional model – Tokens are always secrets and it is the responsibility of the subscriber to protect them. – It is undesirable for verifiers to learn shared secrets unless they are a part of the same entity as the CSP that registered the tokens. In SP800-63 parlance: Tokens are authentication data objects. A CSP is a Credential Service Provider, the issuer of electronic credentials. A credential is an object that binds an identity to a token & is presented to the verifier during an authentication transaction. Global Identity Summit – September 2014 Traditional model - registration Subscriber Identity (Secret, opt) Credential • Applies Est. Identity (+ opt secret) Credential • Identity proofing • Generate/Register Token • Issues Credential (bind identity to token) • “An applicant applies to a Registration Authority (RA) to become a subscriber of a Credential Service Provider (CSP) and, as a subscriber, is issued or registers a secret, called a token, and a credential that binds the token to a name and possibly other attributes that the RA has verified. The token and credential may be used in subsequent authentication events.” [SP800-63] Global Identity Summit – September 2014 Traditional model - authentication Claimant Token PoP (Authen. Protocol) Assertion Access • Requests access • Verifies identity • Checks authorization • Grants access • During authentication, when the party to be authenticated (called a claimant) successfully demonstrates possession and control of a token to a verifier (the party verifying the identity) through an on-line authentication protocol, the verifier can verify that the claimant is the subscriber. • The verifier passes on an assertion about the identity of the subscriber to the relying party. The relying party can use the authenticated information provided by the verifier/CSP to make access control or authorization decisions. Global Identity Summit – September 2014 Biometric model – registration/enrollment Subscriber Identity + Biometric Est. Identity + biometric Credential Credential • Applies • Identity proofing • Enrolls biometric • Register Biometric • Build Credential (bind identity to ref. biometric) • The applicant/subscriber enrolls (provides) their biometric data to the RA/CSP. The biometric reference data in this case is analogous to an authentication token except that: – It is not a secret known by the subscriber or a secret generated by the CSP – it is an inherent characteristic of the subscriber (though it *may* also incorporate knowledge-based content). – The reference biometric is bound to the identity by the CSP. The resulting credential (unless it is instantiated within a physical token) does not need to be issued to the subscriber since he retains the source of the biometric data (himself). Global Identity Summit – September 2014 Biometric model - authentication Biometric Authentication Server Claimant Claimed identity + Live biometric Assertion Access • Requests access • • Verifies identity (through biometric matching) • Checks authorization • Grants access During authentication, the claimant presents a new biometric sample to the verifier, to be compared with that originally registered and incorporated into the credential. – For server-based matching: • This requires that the verifier have knowledge of the registered biometric (credential) OR that a separate biometric authentication service be used. A method to register the reference biometrics with the biometric server would be required (i.e., a relationship with the CSP is implied). – For local matching (e.g., on a physical token): • The live sample is matched against the biometric credential stored locally, releasing a separate token for use in the traditional authentication protocol. Global Identity Summit – September 2014 Model differences • The main difference – Instead of proving possession of a CSP issued credential, the claimant proves he can present a biometric sample from the same source as that originally registered. – The authentication protocol is therefore not engineered to verify proof of possession (PoP), but to ensure the integrity and authenticity of the live sample and to verify that it matches the registered biometric credential. • This is in some ways “backwards” from the traditional model in that: – The biometric “token” is provided by the subscriber to the CSP rather than issued by the CSP to the subscriber. – It is not the credential (issued token) that is provided for verification, but the credential that the provided biometric is verified against. Global Identity Summit – September 2014 E-Authentication Global Identity Summit – September 2014 The problem • Electronic authentication (e-authentication): – the process of establishing confidence in user identities electronically presented to an information system • Remote e-authentication – Establishing identity over an open network that you do not control from a node that is outside of your supervision Global Identity Summit – September 2014 Open and closed networks Internet LAN / WAN Global Identity Summit – September 2014 Local and remote authentication • Local authentication – Verifier has more control • May be attended • Verifier knows where claimant physically is • Remote authentication – Verifier control and supervision is harder • Claimant often uses his own system • Authentication process generally unattended • Verifier doesn’t know where claimant is – Protocols usually use secrets • Many well-studied protocols Source: B. Burr, NIST Global Identity Summit – September 2014 OMB M-04-04 E-Authentication Guidance for Federal Agencies • Scope is e-Government • Does not mention biometrics (or any technology) • Defines 4 levels of assurance: Level Confidence in Asserted Identity’s Validity 1 Little or none 2 Some 3 High 4 Very High Global Identity Summit – September 2014 SP 800-63 Electronic Authentication Guideline • Biometric methods are widely used to authenticate individuals who are physically present at the authentication point, for example for entry into buildings. • Biometrics do not constitute secrets suitable for use in the conventional remote authentication protocols addressed in this document. • In the local authentication case, where the claimant is observed and uses a capture device controlled by the verifier, authentication does not require that biometrics be kept secret. • The use of biometrics to “unlock” conventional authentication tokens and to prevent repudiation of registration is identified in this document. Global Identity Summit – September 2014 800-63-1 Token Types • • Levels 1&2 require 1 factor; Levels 3&4 require 2 factors. Biometrics allowed at levels 3&4 to access token. Global Identity Summit – September 2014 Multifactor Authentication Global Identity Summit – September 2014 Authentication – method comparison Possession Biometric • Subject to memory loss • Subject to left behind • Carry it with you • Subject to guessing • Subject to duplication • Difficult to counterfeit • Social engineering • Social engineering • Cannot give away • Ubiquitous (logon) • Common (phys. access) • Niche markets • Reliable • Reliable • Improved • ‘Free’ • Costly • Lower • Easy to use • More difficult to use • Easy to use • 4-8 characters • 105 <-> 10290 • 109 <-> 1070 • Difficult to manage • Difficult to manage • Difficult to manage Knowledge • Enrollment process Source: J. Stapleton, KPMG Global Identity Summit – September 2014 Passwords • Discrimination high – Large password space –high entropy • Technically strong – Long string = High entropy, very long time to exhaust – Cryptographically strong algorithms – can’t be reverse engineered • Procedurally weak – – – – – Short passwords = Low entropy Easy-to-guess passwords = Low/zero entropy Written down = Zero entropy Divulged to colleagues = Zero entropy Vulnerable to social engineering attacks = Zero entropy • Password security paradox – Increased technical strength ►decreased procedural strength Source: P. Statham Global Identity Summit – September 2014 Tokens • Discrimination very high – token store “password” • Technically (quite) strong – Difficult to copy – physical barriers – Very difficult to modify – physical and cryptographic barriers – Attacks needs considerable expertise and specialized equipment • Procedurally weak – Loss – Theft – But at least you know when it’s missing! Source: P. Statham Global Identity Summit – September 2014 Biometrics • Discrimination medium-high (depending on modality) – Entropy limited by FAR • Not directly equivalent to password entropy because you can’t mount a simple exhaustion attack • Technical strength medium – Spoofing – Reverse engineering of stored templates – Capture of stored images • Procedurally strong – Not so reliant on human discipline – Human failures don’t weaken the binding in the same way as for passwords and tokens Source: P. Statham, CESG Global Identity Summit – September 2014 Considerations Capabilities Biometrics Positive ID of human user Enrollment logistics Fixes identity in time Secure environment Technology performance Portable/secure storage Smart Cards Crypto device Tokens Crypto / PKI Considerations Document/record signing Mutual authentication Global Identity Summit – September 2014 Distribution/inventory control Space usage Processing power Card issuance/mgmt Complexity Key management Infrastructure Security certification Cross certification/trust models INFOSEC requirements Crypto / PKI Biometrics I&A PW based Unique Authorization Supports Supports Integrity Dig Cert No Confidentiality Encryption No Non-repudiation Some doubt Yes Detection No No Global Identity Summit – September 2014 Multifactor authentication Source: Smart Card Alliance Global Identity Summit – September 2014 Multifactor – 2 types Chained Authenticates to Releases Transmits to Verifier What you Know or are What you have Secret Parallel 1234 Global Identity Summit – September 2014 >1 Verifier Synergistic technologies Biometrics Smart Cards PKI Global Identity Summit – September 2014 Mutual benefits USES Biometrics Crypto/PKI Crypto/PKI • SC portable/secure • Secure template template storage during xmt/store • Claimed identity • Dig sign template nd • 2 authen. Factor • Dig sign components • SC becomes BSP Biometrics Smart Cards Smart Cards • Access ctrl to card • Unlock secrets on card • Verify cardholder as cardowner • Secure data on card • Secure reader I/F • Mut auth. SC apps. • Prove possession • Protect access to • SC becomes CSP private key/dig cert • SC portable/secure • Enhance nonkey/cert storage repudiation BSP=Biometric Service Provider CSP=Crypto Service Provider Global Identity Summit – September 2014 Example – document signing Create document Biometric authentication Release Dig. Cert. match Initiate signature John Hancock Network Signed document * Similar process for PKI enabled applications, including cert based network login. Global Identity Summit – September 2014 Example – PIV system PIV Card Issuance and Management Access Control Authorization Data PKI Directory & Certificate Status Responder Physical Access Control Key Management Identity Proofing & Registration Card Issuance & Management I&A I&A PIV Card PIN Input Device Biometric Reader PIV Front-End Source: FIPS 201 Global Identity Summit – September 2014 Physical Resource Logical Access Control Card Reader /Writer Cardholder Applicant Authorization Authorization Logical Resource Authorization Data PIV authentication technologies Mandatory Optional • a PIN • a CHUID • PIV authentication data • 1 or 2 iris images • 1 or 2 fingerprint templates for on-card comparison (OCC) • a symmetric Card Authentication key for supporting physical access applications • a symmetric PIV Card Application Administration key associated with the card management system. – one asymmetric private key and corresponding certificate • 2 fingerprint templates • an electronic facial image • card authentication data – one asymmetric private key and corresponding certificate Conditionally • Digital signature key/cert • Key management key/cert Global Identity Summit – September 2014 PIV graduated assurance levels Physical Access Logical Access Source: FIPS 201-2 Global Identity Summit – September 2014 Comparison of biometric credentials Program Modes Qty Encry Sign Interface* PIV FP-temp Face 2 1 N Y C RT FP-temp Iris-polar Face 2-4 0-2 1 N Secty Obj. (C/L future) TWIC FP-temp Face 2 1 Y Y C/CL ePass Face FP (opt) Iris (opt) 1 0-N 0-2 N Secty Obj. CL * C=contact, CL=contactless Global Identity Summit – September 2014 C Prot. Mech. PIN Mut. Auth. BAC/TPK** BAC/ Mut. Auth. ** BAC=Basic Access Control; TPK=TWIC Privacy Key What about FIDO? • FIDO also supports multiple authentication technologies Global Identity Summit – September 2014 Federated Identity Global Identity Summit – September 2014 Federated Identity • Goal – an environment where subscribers and relying parties may choose among a marketplace of identity providers and where a credential issued by one provider may be used at multiple relying parties. – Reduce the number of credentials an individual must manage – Provide choice to RPs and subscribers – Support multiple levels of assurance Global Identity Summit – September 2014 SP800-63 Model Global Identity Summit – September 2014 National Strategy for Trusted Identities in Cyberspace • Report issued by the White House in April 2011. – Outgrowth of the President’s Cyberspace Policy Review • Vision: – Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation. • The realization of this vision is the user-centric “Identity Ecosystem” – an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities—and the digital identities of devices. • National Program Office (NPO) established within Dept of Commerce (NIST). Privately led Steering Committee stood up. Global Identity Summit – September 2014 NSTIC Model Global Identity Summit – September 2014 Roles • Identity Provider (IDP) – responsible for establishing, maintaining, and securing the digital identity associated with a subject; issues identity credentials • Relying Party (RP) – the service provider (app provider) who needs to authenticate subscribers. Makes transaction decisions based upon its receipt, validation, and acceptance of a subject’s authenticated credentials and attributes • Subscriber – subject of a transaction, to be authenticated; entity registered with an IDP • Attribute Provider – responsible for establishing and maintaining identity attributes (e.g., verifying a person is >17 years old, part of a group, etc.) • Trust Framework – group f interoperable IDPs following the same technical, policy, and business standards Global Identity Summit – September 2014 Trust Frameworks • Enables a party who accepts a digital identity credential to trust the identity, security, and privacy policies of the party who issues the credential and vice versa. • Comprises: – – – – – – Global Identity Summit – September 2014 Policies Standards Legal agreements Operating rules Interoperability requirements Accreditation & Certification schemes Mobile Global Identity Summit – September 2014 The challenge Dog Fraudster Hacker Terrorist Legitimate User Global Identity Summit – September 2014 Device/App App Server (Relying Party) The environment We are at the pivotal intersection of two fundamental & global paradigm shifts 1. The move to digital interactions • Has been occurring since the web went mainstream • Social networking leading to greater online presence • Identity fraud rates are high and growing • Current authentication methods (PIN/Passphrase based) are woefully inadequate; alternatives are expensive 2. The emerging ubiquity of connected mobile computing devices (e.g. smart phones/tablets) • Massive consumer adoption • Always connected, managed computing platform in your hands at all times • Greater utility beyond handset Global Identity Summit – September 2014 The App • Apps (and functions/transactions within apps) vary in risk/sensitivity and thus the levels of assurance required • Users need to authenticate into multiple apps (daily) • Contexts change - different conditions may exist at different times (e.g., location, threat levels, etc.) Global Identity Summit – September 2014 The platform • The mobile platform is versatile • Can be used to host a variety of authentication methods – traditional and biometric • These can be used to authenticate into the mobile app, but … • This platform can serve as the authentication platform into traditional applications and web apps as well! Global Identity Summit – September 2014 In-band v. Out-of-band • In-band: The authentication channel is the same as the transaction channel. • Out-of-band (OOB): The authentication channel is separate from the transaction channel. App Server / Authentication Server Transaction Authentication In-band example Global Identity Summit – September 2014 Example OOB Relying Party Application Request Authentication Authentication Server (Identity Provider) Authentication Results Request Transaction Access Decision Authentication Package Authentication Response Subscriber (User) Global Identity Summit – September 2014 Authentication Platform Authentication Challenge(s) Biometric Authentication Architectures Global Identity Summit – September 2014 Biometric reference architecture Source: ISO/IEC JTC1 SC37 SD11 Global Identity Summit – September 2014 Biometric architectures • Storage Locations – Central/distributed – Local workstation – Device/peripheral – On-token • Matching Locations – Server – Local/client – Device/peripheral – On-token Store Server Client Device X X Match Server Client X X Device X X Token X X * Processing may be performed at point of capture or point of matching Global Identity Summit – September 2014 X Token X Why does Where matter? Component Selection Affects: Design Privacy Speed Vulnerability Points Global Identity Summit – September 2014 Connectivity Requirements Central storage • Enrolled biometric templates stored in central or distributed database or directory • Enables simplified/central administration • Supports roving users • Server generally physically secure/behind firewall • Requires protection of template during transmission and storage – Encrypt & sign template – Secure communications channel – Access controls on database Global Identity Summit – September 2014 Workstation storage • Enrolled templates stored locally on host workstation hard disk or other media • Frequently done for access to local or standalone (nonnetworked) workstation • May also be used for network access; however, requires that users be enrolled at each workstation access point or that a secure method of template distribution be provided • Template protection is required (client platforms generally considered “untrusted”) Global Identity Summit – September 2014 Device storage • Some biometric devices provide on-board storage for some number of biometric templates • Generally provides hardware protection of data; however, cryptographic protection also recommended • Most suitable for local resource access • Network access possible with suitable distribution mechanism Global Identity Summit – September 2014 Smart card storage • Enrolled biometric may be stored on the smart card • Provides “portable” biometric database • Newly captured sample compared against template on card • May facilitate authentication of owner to card or unlocking secrets on card, depending on where matching occurs • Storage space on card generally limited – May limit types of technologies or number of samples • Template sizes range from 9B to >5KB Global Identity Summit – September 2014 Central matching • Matching performed at central server or cluster of servers • Server generally physically secure/behind firewall • Capitalize on increased processing power available – Preferred for 1:many search/matching • Facilitates access control to networked resources • Enables central administration/control of security policies • Requires: – Reliable network connectivity to access point – Secure communications – Reliable server configuration (redundancy/failover) Global Identity Summit – September 2014 Local workstation matching • Matching algorithm executes within local host platform (workstation) • Used when authentication is being performed for access to the local resource only. • In a networked environment, protections must be in place to ensure that the results of the matching are securely translated into access rights to network resources. – An untrusted workstation cannot declare that a successful biometric authentication has occurred when in fact it has not. – This can be achieved through incorporation of a secure environment which provides a trusted path through mutual authentication of components. Global Identity Summit – September 2014 Device matching • “Self-contained devices” – Processing/matching algorithms are instantiated in hardware (or ROM) within the biometric capture device – May or may not also include on-board storage of the biometric template • If not, the enrolled template is passed into the device – The new biometric sample is captured, processed, and matched against the enrolled template internally – A "match/no-match" result is returned to the application, perhaps with match scores through the device interface • Advantage is generally speed • Considerations – Same considerations as for local matching – Requires secure environment within the workstation when used for network access. Global Identity Summit – September 2014 On-card matching • Some smart cards possess adequate processing power to perform the biometric processing/matching on the card itself. • Particularly useful if: – The biometric template is also stored on the card and/or – The biometric sensor is also located on the card or card reader • Facilitates authentication of the card owner or unlocking of secrets on the card (i.e., PIN replacement) • Security implications: – Once enrolled, template does not leave card – Tamper resistance of card Global Identity Summit – September 2014 Expanding card configurations enrollment System On Card Data Collection processed data raw data template Storage Processing Store On Card score initiate Application Matching yes/no Decision adaptation Match On Card Source: Adapted from X9.84 Global Identity Summit – September 2014 Security Models & Mechanisms for Biometric Authentication Global Identity Summit – September 2014 Attack types • Input-Level Attacks – Spoofing – Bypassing/Overloading Processing and TransmissionLevel Attacks - Hacking - Skimming/Sniffing - Hill-climbing • Backend- and Storage-Level Attacks – Implantation – Infiltration – Hacking Source: IBG Global Identity Summit – September 2014 Generic threat model Storage 7 9 6 Data Collection 2 1 4 3 Decision Matching Signal Processing 8 10 5 Verifier 11 Source: “Study Report on Biometrics in E-Authentication”, M1/07-0185rev, http://standards.incits.org/apps/group_public/download.php/24528/m1070185rev.pdf, with credit to N. Ratha. Global Identity Summit – September 2014 Threats and countermeasures (examples) Location 1 – Data Collection Threats Countermeasures Device substitution Liveness detection Challenge/response Mutually authenticate device Spoofing 2 – Raw Data Transmission Replay attack 3 – Signal Processing (Software) Component replacement Manipulation of match scores Debugger hostile environment 5 – Matching Hill climbing 7 - Storage 9 – Decision Database compromise (reading/replacing template, changing bindings) Threshold manipulation Excerpt. Entire table located in M1/07-0185rev Global Identity Summit – September 2014 Sign data, timestamp, session tokens/nonces, secure channel Sign components Coarse scoring, trusted sensor, secure channel, limit attempts DB access controls, sign/encrypt templates, store on secure token Protected function, data protection Countermeasures • Liveness Detection. Techniques by which systems determine that a submitted sample is from a living person. • Challenge/Response. A protocol in which the user is challenged to provide a live response as part of the authentication process. For behavioral biometrics, the response would be embedded in the biometric characteristic captured (i.e., a spoken, written, or typed word). For physiological biometrics, it could be a specific finger for facial expression. • Nonces. Standing for “Number ONCE”, an arbitrary number that is generated for security purposes such as an initialization vector. A nonce is used only one time in any security session. In this context, it would involve the matching server generating and sending a nonce to the capture client/device which would then embed the nonce into the (signed) biometric sample so that when the matcher receives it, it can validate that the sample came from who it was very recently sent to. • Signed Components. Software or firmware components are digitally codesigned and validated during installation and/or use to mitigate against their modification or substitution. (An example would be a signed biometric algorithm DLL.) Global Identity Summit – September 2014 Countermeasures (cont’d) • 1:1 Matching. Since a single attempt against a 1:N system allows an attacker to simultaneously attack ALL biometric references, limiting each attempt to a single biometric reference, for which the account ID (claimed identity) must be known, increases the difficulty of an attack. • Multibiometric/Multifactor. The requirement to use more than one biometric characteristic or more than one authentication technology/method, increasing the sophistication and resources required of an attacker. • Debugger Hostile. Methods to detect or prevent data from being manipulated while in RAM/memory (such as is done by code debuggers which could be used to change a match decision, for example). • Coarse Scoring. The return of match scores of sufficiently large incremental resolution such that small changes in input samples would result in a change in matching score smaller than that increment. In this way, an attacker does not receive the feedback required to successfully mount a hill-climbing attack. Global Identity Summit – September 2014 Data transfers • Biometric authentication data vulnerable during transmission & storage • Architecture dictates transmission path for both live sample (S) & reference template (T) • Countermeasures – Sign/encrypt data – Secure channels – Timestamp, session tokens, nonces – ACBio T: Template S: Sample Global Identity Summit – September 2014 Store on server/match on server • One of most used architectures • Lends itself to a network environment • Co-location of storage/matching • Example: Web services implementation • Potential vulnerabilities: – Transfer of live sample to server – Database compromise Global Identity Summit – September 2014 Storage 7 9 6 Data Capture 2 1 4 3 Decision Matching Signal Processing 8 5 10 Verifier 11 Client/Device Server This architecture stores biometric templates on a server and requires that live samples be submitted back to the server in order for the matching process to occur. Once a match or no match result has been determined, the result is then sent to the verifier and the appropriate actions take place. Store on client, match on client • • • • Fast authentication Standalone/ disconnected operation Example: Login to laptop via embedded sensor Potential vulnerabilities: – Storage on “untrusted” platform – Transmission of results Storage 7 9 6 Data Capture 2 1 Decision Matching Signal Processing 4 8 3 5 10 Verifier 11 Device Client Server This architecture stores biometric templates on a client platform and requires that live samples be captured and matched at the client. Once a match or no match result has been determined, the client application communicates the result to the verifier. Global Identity Summit – September 2014 Store on device, match on device • • • • Device: “selfcontained” biometric sensor unit, PDA, smart phone Match can result in the release of a cryptographic token Example: PACS Potential vulnerabilities: – Integrity of device (tamper resistance, certification) – Transmission of results Global Identity Summit – September 2014 Storage 7 9 6 Data Capture 2 1 4 3 Decision Matching Signal Processing 8 5 10 Verifier 11 Device This architecture stores biometric templates on an authentication device and requires that live samples be matched on that device. Once a match or no match result has been determined, the device sends the appropriate signal to the mechanism it is securing. Store on token, match on device • Single token/ biometric reader device • Use cases: Physical Token – PDA – Physical access • Privacy friendly • Potential vulnerabilities • – Integrity/tamper resistance of physical token – Transmission of reference template PIV (FIPS-201) model – PACS – For LACS, off-card matching could occur in device, client, or server Global Identity Summit – September 2014 Storage 7 9 6 Device Data Capture 2 1 4 3 Decision Matching Signal Processing 8 5 10 Verifier 11 This architecture stores biometric templates on a physical token such as an integrated circuit chip card or smart card. The live sample is compared and matched on the local device. Store on token, match on token • • • • • • “Match on Card” Biometric PIN replacement Closest to SP80063 implementation Match can ‘unlock’ other authentication mechanisms Privacy friendly Potential vulnerabilities: – Integrity/tamper resistance of physical token (certification) – Sensor spoofing Global Identity Summit – September 2014 Physical Token Storage 7 9 6 Data Capture 2 1 4 3 Decision Matching Signal Processing 8 5 10 Client/Device Verifier 11 This architecture stores biometric templates on a physical token such as an integrated circuit chip card or smart card. The live sample is compared and matched on the card instead of an external server or device. Successful verification could result in access to and release of an authentication token stored on the card, such as a certificate or key used in an authentication protocol. Store on token, match on server • • • • No central storage (attack point) Matching performed in secure/controlled location Server can sign token prior to deployment (authentication, revocation) Potential vulnerabilities: – Integrity/tamper resistance of physical token – Transmission of sample & template Global Identity Summit – September 2014 Physical Token Storage 7 9 6 Data Capture 2 1 4 3 Client/Device Decision Matching Signal Processing 8 5 Server 10 Verifier 11 This architecture stores biometric templates on a physical token such as an integrated circuit chip card or smart card. In practice, the user inserts the smart card and presents their biometric. Both the stored template and live sample are transmitted to the server for matching. Enrollment threats 12 Identity Proofing 13 7 Biometric Enrollment Storage 9 6 Data Collection 2 1 4 3 Decision Matching Signal Processing 8 10 5 Verifier • System can be compromised during enrollment as well • Identity proofing – Forged docs – Collusion – Records tampering Global Identity Summit – September 2014 11 • Biometric enrollment – Valid biometric/ false identity – Valid identity/ false biometric Challenges Global Identity Summit – September 2014 Challenges 1. 2. 3. 4. 5. 6. 7. Integrity -vs- Secrecy Compromise Revocation Sensor Spoofing/Liveness Detection Entropy/Strength-of-Function Peer Review Methods Privacy Considerations Source: M1/07-0185rev Global Identity Summit – September 2014 Secrecy v. Integrity • Traditional authentication protocols are generally based on the secrecy of the authentication “token”. • However, most biometrics are not considered secrets and therefore fall outside of the traditional paradigm. • This begs the question of the role and relative importance of secrecy and integrity of the biometric data in the overall authentication protocol and system. • When the biometric is not a secret, then why and how should it be protected? • If the authentication protocol cannot rely on the secrecy of the data, what does it rely upon? Global Identity Summit – September 2014 Integrity • Given that secrecy is not the basis of a biometric authentication protocol, then what becomes critical is that: – The biometric is captured from a living, present human being, and – The biometric data has not been modified in any way. • That is, the integrity of the biometric data and process is THE critical factor. Source Authenticity Anti-spoofing/Liveness detection Digital Signatures ACBio? Global Identity Summit – September 2014 Compromise & revocation • Issue – what does ‘compromise’ mean when the authentication token is not a secret? – “Disclosure” ≠ compromise for biometrics – Biometric compromise – an individual has the ability to provide the biometric data of another during an attack • Electronically or physically • Revocation equivalences – Make an enrolled biometric unusable for authentication – Potential approaches • Template encryption and/or binding • ‘Cancellable’ biometrics Transformations • Application specific templates Global Identity Summit – September 2014 Sensor spoofing • SPOOFING = presenting artifacts to sensors for enrollment or recognition, or to circumvent enrollment and recognition processes Examples: • Fingerprint Recognition – Prostheses – Props / Gag Items – Photographs – Residual Prints – Latent Prints • Iris Recognition – Prostheses – Playback – Photographs – Imprinted Contact Lenses Global Identity Summit – September 2014 Face Recognition – Photographs – Disguises / Masks Hand Geometry – Prostheses – Props / Gag Items Voice Recognition – Playback Recordings – Composite Recordings Liveness detection Examples: • Fingerprint Recognition – Spectroscopy – Temporal Variation in Perspiration • Iris Recognition – – – – Photonic and spectrographic countermeasures (e.g. – red eye) Behavioral countermeasures (e.g. – blinking) Analog physical attack countermeasures (e.g. – dye detection) Digital replay attack countermeasures (e.g. – byte scrambling) • Facial Recognition – Reactivity to Cues • Voice Recognition – Recitation of Randomly Generated Passphrases New standard in progress: ISO/IEC 30106, Presentation Attack Detection. Global Identity Summit – September 2014 Entropy / Strength of Function • How does the concept & measurement of entropy differ between biometrics and secrets-based methods? • What is the role of entropy in overall strength of function? • Common assumption to equate entropy of a PIN to the False Accept Rate (FAR) of a biometric system. – Biometric FAR: 0.01% = 1 in 10,000 chance of “guessing” or False Accept – PIN: Four digit PIN = (10x10x10x10), 1 in 10,000 chance of “guessing” the PIN • Entropy of secrets proportional to keyspace. • SOF roughly represents difficulty of mounting an attack. – Many other factors besides entropy for biometrics. Global Identity Summit – September 2014 Strength • Fundamental Discrimination (Entropy) limits – Discrimination, “raw” entropy –ability of mechanism to distinguish between individuals – The exploitation avenue for casual (low or zero-effort) attacks • Human and procedural failures–reduces entropy, sometimes to zero – – – – Social engineering “Easy” secrets Failure to guard secrets Corrupt users/administrators • Technical attacks – Exhaustion attacks against authentication mechanism – Exploitation of vulnerabilities of the authentication mechanism – Indirect attacks against supporting infrastructure • Transmission paths • Databases Global Identity Summit – September 2014 Comparison High Medium Low Biometric Password Token Source: Statham, 2005 Global Identity Summit – September 2014 Peer review • Cryptographic system – Encryption algo’s – Keys Secrecy – Cipher text Peer Review Determine difficulty of discovering key Global Identity Summit – September 2014 • Biometric system – Matching algo’s – Biometric reference – Biometric sample Performance Testing Determine probability of false match Integrity/ Authenticity Privacy • Biometrics declared to be ‘personally identifiable data’ and thus considered sensitive information and subject to privacy rules – Concerns related to disclosure & misuse of data • Privacy rules established, e.g., – – – – Use is per original purpose Due diligence in data protection/access Retention/sharing policies Informed consent • ‘Anonymous’ biometrics v. identity binding Global Identity Summit – September 2014 Findings of AHG on Biometrics in E-Auth • There is a role for biometric authentication at each of the four assurance levels defined in OMB M-04-04 • Some additional challenges and threats accompany the use of biometric authentication, but countermeasures exist to address them. • Biometric authentication can provide significant benefits in certain situations, not least of which is the tight binding of the authentication event to the physical presence of a human claimant. • Biometrics present a different paradigm than traditional authentication methods where authentication data is always secret. Global Identity Summit – September 2014 Findings (cont’d) • In general, integrity and authenticity are more critical than secrecy in a biometric authentication protocol/ implementation, although many mechanisms exist to provide for the privacy of the biometric data. • In addition, some biometrics may be used to convey ancillary information, such as a secret (e.g., a password or PIN) or shared knowledge, by leveraging the ability of the user to control the manner in which the biometric is presented to the system. • Specific recommended edits to SP800-63 are provided in Annex A. Global Identity Summit – September 2014 Conclusion • Identity authentication is a key element of information system and online security • Each authentication method has its own strengths & weaknesses • Biometrics provide strong user authentication but protocols differ from traditional secrets-based methods • There are many ways for using different authentication methods in combination … and advantages to doing so • The landscape is constantly changing Global Identity Summit – September 2014 For your attention! Catherine Tilton VP, Standards & Technology, Daon 11325 Random Hills Rd, Suite 650 Fairfax, VA 22030 703-984-4080 cathy.tilton@daon.com Global Identity Summit – September 2014
