Analysis of Hardware Controls for Secure Authentication
Group 2
Karan Asnani, John Bowen, Michael Ellis, Nirav Shah

Outline
• Introduction to access control
• Smart cards
• Hardware tokens
• Biometrics
  – Face recognition
  – Fingerprint scanning
  – Voice recognition
• Conclusion

Introduction
• Access control is a key first step in infosec.
• Authentication vs. Authorization.
• Lack of effective access control, especially in the private sector.
• Various hardware-based authenticators exist.

Smart Cards
• Historically popular in Europe.
• Evolved from magnetic stripe cards.
• Four major uses:
  – Protect the privacy of individuals and keep their informational assets safe from hacking.
  – Restrict access to networks or computer systems, possibly in combination with hardware tokens.
  – Restrict physical access to protected areas.
  – Storage and encryption of sensitive data like certificates or passwords, usually in conjunction with a Public Key Infrastructure (PKI) that involves a certified digital certificate.

Categorization by memory
• Memory cards:
  – Original version of smart cards.
  – Areas for temporary and permanent data.
  – Example: Prepaid phone cards.
• Chip cards:
  – “True” smart cards.
  – Basically small computers containing memory and a microprocessor.
  – Large storage capacity.

[Figure: Internal Architecture of a Chip Card (Dhar 6)]

Categorization by interface
• Contact:
  – Card in contact with reader for duration of transaction.
  – Data transmitted through electrical contact.
  – Contacts may wear out.
• Contactless:
  – Speeds up transactions and easy to use.
  – Long lifetime.
  – Reduced vandalism of readers.
  – RFID

Pros and Cons
• Pros:
  – Physical access restricted to authorized users.
  – Large capacity and multifunctionality.
  – Long lifetime.
  – Cards can be self-secure.
• Cons:
  – Huge risk of card being lost or stolen.
  – High initial capital expenditure.
  – Issue of human trust.

Future
• More research on:
  – Improving card technology.
  – Reducing cost of implementation.
  – Response systems for lost cards.
• Market has huge scope for growth.
• Smart cards are ready and available for wide-scale deployment.

Hardware Token Overview
• Goal: To safeguard systems by means of secure authentication while allowing for dynamic security.
• Portable
• Most produce a unique pass code.
• Different shapes, sizes and implementations.
[Images: RSA SecurID 700, RSA SecurID 200]

History
• Originated as devices called “dongles” in the 1970s.
• Used serial and parallel ports.
• Could be chained for multiple authentication.
• Typically used to protect software from being copied or to secure access to private software.

Multifactor Authorization
• Three Labels:
  – Knowledge-Based Authorization
  – Object-Based Authorization
  – ID-Based Authorization
• Specifically, most hardware tokens use two-factor authorization.
• “This example of token plus password constitutes the vast majority of current multifactor implementations” for hardware authentication today (O’Gorman 2024).

Functionality of Hardware Tokens
Two primary token types:
• Time-changing passwords
  – Most change once every sixty seconds or less.
  – Achieved by the hardware token being synchronized with a system upon initialization.
• Event-changing passwords
  – Pressing a button.
This generation of a unique password for each use is called a one-time password (OTP).
[Images: VeriSign OTP Token, CRYPTOCard KT1]

Pass Code Generation
• Encryption algorithms are secret!
• Vendors change encryption methods in new models.
  – RSA changed SecurID algorithm in 2003
• Most vendors use the Advanced Encryption Standard in order to generate pass codes.

Authentication
• Used to limit access to VPNs, SSH, RAS, wireless networks, e-mail, etc., for Windows and Unix.
• Typically, a user enters knowledge-based password and object-based OTP in the following way: STATICDYNAMIC
• Sometimes multifactor encryption is done solely on the token.
• The authentication process varies for each vendor and client.
[Image: CRYPTOCard RB-1]

USB Tokens
• Extra storage capacity allows for encryption of stored files using a public key infrastructure (PKI).
• Encryption and decryption are automatic.
• Ability to store certificates on the USB token, which allows for digital signing of documents.

Market
• RSA Security is the largest single producer of hardware tokens.
• VeriSign is gaining market share.
• Discount token companies are emerging such as Vasco.
• Most current use is by government and research institutions.
• Common institutions are finally beginning to adopt hardware tokens.

Pros and Cons
• Pros:
  – One-Time Password
  – Two-Factor Authentication
  – Increased Mobility
• Cons:
  – Easily lost
  – Inconvenience
  – Costly Implementation

The Future of Hardware Tokens
• Bluetooth and Zero-Interaction Authentication (ZIA).
• Mobile phones and PDAs.
• Increasing adoption facilitates cheaper technology and more research.

Biometrics & Face Recognition
• Biometrics: using/analyzing physical features of an individual in the fields of security and access control
  – Face recognition: subset of biometrics in which facial features are analyzed as a means of:
    • Verification
    • Identification
  – Obvious uses in security in private industry

Face Recognition: History
• 1960s – Woody Bledsoe, Helen Chan Wolf, and Charles Bisson develop 1st semi-automated recognition system
  • Required human assistance
  – Difficulties concerning orientation of face in calculations
• 1970s – Introduction of subjective markers to aid in automation

History (continued)
• 1980s – Kirby and Sirovich apply principal component analysis -> “Eigenfaces” (discussed later)
  • Considered breakthrough in face recognition
  • Reduced amount of data required
• 1990s – Turk and Pentland extend technique to detect the face in an image

Face Recognition: Functionality
• Two possible functions of face recognition: identification problems & verification problems
  – General surveillance vs. guaranteeing an identity
• Regardless of function, five steps are required:
  1. Acquire image of face
  2. Determine location of face
  3. Analyze face
  4. Compare results of analysis to reference data
  5. Evaluate results of comparison

Functionality: Algorithms
• Example algorithms:
  – Eigenface
  – Fisherface
  – Hidden Markov model
  – Dynamic Link Matching
  – Elastic Bunch Graph Matching (EBGM)
  – 3D Face Recognition (new)
• Many variations of Eigenface method exist

Algorithms: Eigenfaces
• AKA Principal Component Analysis
• “One of the most successful methodologies for the computational recognition of faces in digital images”
• Basis: amount of data carried in an image is much greater than what is needed to describe a face
  – Utilizes linear algebra techniques to compress data

Eigenfaces: Principal Component Analysis (PCA)
• Summary: project input faces onto a dimensionally reduced space to carry out recognition
• The mathematics
  – “PCA is a general method for identifying the linear directions in which a set of [data-containing] vectors are best represented in a least-squares sense, allowing a dimensional reduction by choosing the directions of largest variance” – Javier Ruiz-del-Solar

Principal Component Analysis (continued)
• So what exactly does this mean?
  – Facial data from an image (once a face is extracted) is reduced using data compression basics into “eigenfaces”
  – Face image is represented as a weighted sum of the eigenfaces
• So…what does this look like?

[Figure: Standard Eigenfaces]
Notice how only “relevant” facial data is retained.
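
The eigenface pipeline these slides describe, as an added example that is not part of the original deck: PCA over an enrolled gallery, projection of a face onto the top-k eigenfaces, and matching by distance between weight vectors, for both verification and identification. The 6-value "images", the names, the threshold and the `EigenfaceMatcher` class are constructed for illustration, and a pure-Python power iteration stands in for a numerical library's eigensolver.

```python
import math
def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def top_eigvecs(S, k, iters=500):
    """Top-k eigenvectors of a symmetric matrix: power iteration with deflation."""
    n, S, vecs = len(S), [row[:] for row in S], []
    for _ in range(k):
        v = [float(i + 1) for i in range(n)]  # fixed, asymmetric start vector
        for _ in range(iters):
            w = [dot(row, v) for row in S]
            norm = math.sqrt(dot(w, w))
            v = [x / norm for x in w]
        lam = dot(v, [dot(row, v) for row in S])
        vecs.append(v)
        # Deflate: subtract the component just found so the next pass finds the next one.
        S = [[S[i][j] - lam * v[i] * v[j] for j in range(n)] for i in range(n)]
    return vecs

class EigenfaceMatcher:
    def __init__(self, gallery, k):
        self.mean = [sum(col) / len(gallery) for col in zip(*gallery.values())]
        centered = [self._center(f) for f in gallery.values()]
        n = len(self.mean)
        scatter = [[sum(c[i] * c[j] for c in centered) for j in range(n)] for i in range(n)]
        self.eigenfaces = top_eigvecs(scatter, k)
        self.weights = {name: self.project(f) for name, f in gallery.items()}

    def _center(self, face):
        return [p - m for p, m in zip(face, self.mean)]

    def project(self, face):  # weights of the face as a sum of eigenfaces
        return [dot(e, self._center(face)) for e in self.eigenfaces]

    def distance(self, face, name):
        return math.dist(self.project(face), self.weights[name])
    def verify(self, face, claimed, threshold):  # 1:1, guaranteeing an identity
        return self.distance(face, claimed) < threshold
    def identify(self, face, threshold):  # 1:N, None when nobody is close enough
        best = min(self.weights, key=lambda name: self.distance(face, name))
        return best if self.distance(face, best) < threshold else None

# Constructed 6-"pixel" faces: a base image varied along two patterns U and V.
BASE, U, V = [120, 130, 125, 110, 115, 118], [1, 1, 1, -1, -1, -1], [1, -1, 0, 0, 1, -1]
def make_face(a, b):
    return [p + 10 * (a * u + b * v) for p, u, v in zip(BASE, U, V)]
GALLERY = {"alice": make_face(2, 0), "bob": make_face(-2, 0),
           "carol": make_face(0, 3), "dave": make_face(0, -3)}
```

The acceptance threshold sets the trade-off between false accepts and false rejects; with real images it is chosen from measured match and non-match distances.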

Eigenfaces: Conclusion
• Derived eigenfaces are compared to stored image
• Comparison: distance between respective weighted sums of eigenfaces
• Close mathematical matches = facial matches

Algorithms: 3D Methods
• Capture facial images using more than one camera
• 3D models hold more information than 2D
  – Greater accuracy in recognition
• Algorithm similar to Eigenfaces but with some additional properties
• 2D recognition currently outperforms 3D

Algorithms: Weaknesses
• Affected by viewing angle
• Illumination accentuates/diminishes certain features
• Expressions cause variations in appearance
• Objects may obscure face
• Faces affected by time
• Sensitivity to gender or ethnicity

Face Recognition: Testing
• Face Recognition Technology (FERET) Program
  – Three main goals
• Face Recognition Vendor Test (FRVT)
  – “measure progress of prototype systems/algorithms and commercial face recognition systems”
[Figure: Verification performance data for the top three face recognition companies tested]

Face Recognition: Standards
• INCITS M1
• ISO SC37
• In 2004, Department of Homeland Security adopted 1st biometric face recognition standard
  – Used in applications such as travel documents
  – Specifies photograph properties

Face Recognition: Research & Market
• Interest in use in security surveillance -> research in video-based face recognition
• A number of research groups:
  – Carnegie Mellon
  – University of Maryland
• U.S. government investing in 3D technology
  – $6 million in 2005 to A4Vision, Inc.
• French Civil Aviation Authority employing 3D technology in airport

Face Recognition: Pros, Cons, & Conclusions
• A number of technical difficulties resulting in relatively poor accuracy
  – Face recognition involves too many variables
• Applications in security surveillance due to nature of face recognition
  – Still must overcome accuracy problem
• However, with further research, verification via face recognition could find a niche in the private field, especially when coupled with other technologies
  – Iris scanning

Fingerprint Authentication
• Form of biometric technology
  – ID-based authenticator
  – Unique to one person

History of Fingerprint Authentication
• Dr. Henry Faulds - first scientist to mention identification as a use for fingerprints
• Sir Francis Galton – put fingerprinting on a scientific basis
• Use of fingerprinting in law enforcement
• Use of Automated Fingerprint Identification System (AFIS)

Functionality of Fingerprint Authentication
• Characteristics of a fingerprint
  – Ridges: Arches, whorls and loops
  – Minutia: Ridge endings, bifurcations, divergences, etc.
• Fingerprint scanning
  – Two main types: Optical and Capacitance scanning

Optical Scanning
• Photo taken in a process similar to a digital camera
  – Charge-Coupled Device (CCD) generates image through thousands of photosites
    • Each photosite records a pixel corresponding to the light that hits it

Capacitance Scanning
• Uses property of capacitance to scan in image
  – One or more semiconductor chips each contain a number of cells.
  – Each cell has a capacitor, and the finger changes the capacitance of the cell, which generates the image, as the capacitances of ridges and valleys are different.

Market for Fingerprint Authentication
• Host of products available from many different companies
  – Identix Inc
  – BioScrypt Inc
  – Ultra-Scan Corp
• Companies have started to combine different biometric technologies
  – i.e. V-Smart by BioScrypt Inc

Pros and Cons of Fingerprint Authentication
• Pros:
  – Extremely stable and hard to forge
  – Fairly accurate
  – Inexpensive and easy to use
• Cons:
  – Not for everybody
  – False rejections are common.
  – Social stigma

Future of Fingerprint Authentication
• Already a fairly established authentication technology
• Expected to grow steadily through research and technology
  – Fingerprint biometrics expected to reach $2.6 billion by 2006
• More accurate, inexpensive fingerprint scanners expected.

Voice Authentication
• A type of biometric technology
  – ID-based authenticator
  – Not always unique to one person
• Two different types:
  – Speaker Verification
  – Speaker Identification

History of Voice Authentication
• Voder – first attempt at synthesizing speech in 1936
• Many commercial products starting in 1970s
  – Very limited
• Products became more advanced in 1990s, due to dot-com era

Functionality of Voice Authentication
• Two main steps: Feature Extraction and Acoustic Modeling/Classification
• Feature Extraction
  – Involves breaking up audio into individual “frames”
  – Majority of voice authentication systems use mel frequency cepstral coefficients (MFCC)
  – Each individual frame is converted to an MFCC feature vector

Functionality of Voice Authentication (continued)
• Acoustic Modeling/Classification
  – Several different models used
    • Dynamic Warping
    • Neural Networks
    • Hidden Markov Model
  – Translates feature vectors into recognizable words

Market for Voice Authentication
• Fairly new technology, so very few vendors
• Large corporations as well as smaller established companies
  – Microsoft
  – IBM
  – Nuance
  – QVoice Inc

Pros and Cons of Voice Authentication
• Pros:
  – Hard to forge
  – Low-cost
  – Easy to use
• Cons:
  – Unstable (voice can change)
  – Background noise
  – Vulnerable to hackers

Future of Voice Authentication
• Considered to be in its infancy, as it still has many problems
• Expected to grow rapidly
• Speech systems that use multiple biometric technologies and continuous input systems are expected to grow the fastest

Conclusion
• Access control is important in information security
• Three different hardware-based technologies discussed
• Multifactor authentication leads to more secure protection
• Summary – huge potential for growth in the industry

Bibliography
• Biryukov, Alex, Joseph Lano and Bart Preneel. “Cryptanalysis of the Alleged SecurID Hash Function.” Lecture Notes in Computer Science 3006 (2004): 130-144.
• CRYPTOCard Tokens. CRYPTOCard Secure Password Technologies. 14 July 2006. <http://www.cryptocard.com/index.cfm?PID=377>.
• Dhar, Sumit. “Introduction to smart cards.” 1-9.
• O'Gorman, Lawrence. “Comparing Passwords, Tokens, and Biometrics for User Authentication.” Proceedings of the IEEE 91.12 (2003): 2021-2040.
• RSA SecurID Authenticators. RSA Security. 14 July 2006. <http://www.rsasecurity.com/products/securid/datasheets/SID_DS_0606-4pp.pdf>.
• Setlak, Dale R. “Advances in Biometric Fingerprint Technology are Driving Rapid Adoption in Consumer Marketplace.” AuthenTec. AuthenTec. 18 July 2006. <http://www.authentec.com/getpage.cfm?sectionID=43>.
• Smart Card Forum. “What’s so smart about smart cards?” 1-12.
• Unified Authentication. VeriSign. 15 July 2006. <http://www.verisign.com/products-services/securityservices/unified-authentication/usb-tokens/index.html>.

Questions?